Forum Discussion
NimbostratusiRule Switch Help please?
Hello, As an iRule newbie im tring to get my switch statements right instead of using "if" statements. This is for my own learning curve, can someone point me in the right direction please and explain to me what is wrong with the following?
when CLIENT_ACCEPTED {
switch [active_members SB_POOL]
{ "0" { reject
log local0. "iRule: Reject-No active members in pool SB_POOL."
}
}
switch [TCP::local_port]
{
"([TCP::local_port] >= 636) and ([TCP::local_port] <=7777)"
{
pool SB_POOL
log local0. "iRule: ACCEPT-Port [TCP::local_port] within range."
}
default { reject
log local0. "iRule: ACCEPT-Port [TCP::local_port] within range."
}
}
}
SymtomsI test using greater than or less than the above range specified. In the LTM logs i get the following...
Rule /Common/SB-SWITCH : iRule: ACCEPT-Port 777 within range. Rule /Common/SB-SWITCH : iRule: ACCEPT-Port 7777 within range. Rule /Common/SB-SWITCH : iRule: ACCEPT-Port 500 within range. BUT i do not get the redirection to the pool which is up????
By the way the following using "if" statements works perfect.... SO whats up with my switch statesments above? Any ideas?
when CLIENT_ACCEPTED {
if {[active_members SB_POOL] < 1}{
reject
log local0. "iRule: Reject-No active members in pool SB_POOL." }
elseif {([TCP::local_port] >= 636) and ([TCP::local_port] <=7777)}{
pool SB_POOL
log local0. "iRule: ACCEPT-Port [TCP::local_port] within range." }
else {
reject
log local0. "iRule: DROP-Port [TCP::local_port] out of range." }
}
6 Replies
- nitass
Employee
e.g.
configuration [root@ve11c:Active:In Sync] config tmsh list ltm rule qux ltm rule qux { when CLIENT_ACCEPTED { switch [active_members foo] { 0 { reject log local0. "iRule: Reject-No active members in pool foo." } default { switch [expr {([TCP::local_port] >= 636) && ([TCP::local_port] <= 7777)}] { 1 { pool foo log local0. "iRule: ACCEPT-Port [TCP::local_port] within range." } default { reject log local0. "iRule: ACCEPT-Port [TCP::local_port] not in range." } } } } } } /var/log/ltm [root@ve11c:Active:In Sync] config tail -f /var/log/ltm Mar 13 18:24:08 ve11c info tmm1[15262]: Rule /Common/qux : iRule: ACCEPT-Port 123 not in range. Mar 13 18:24:13 ve11c info tmm1[15262]: Rule /Common/qux : iRule: ACCEPT-Port 636 within range. Mar 13 18:24:19 ve11c info tmm1[15262]: Rule /Common/qux : iRule: ACCEPT-Port 1000 within range. Mar 13 18:24:25 ve11c info tmm1[15262]: Rule /Common/qux : iRule: ACCEPT-Port 8000 not in range. 
NickN01_135377Genious! Thanks Nitass, i see your way of thinking. The second "Switch" statement with a return result of 1 to denote "true" right? otherwise drop.
- nitass
The second "Switch" statement with a return result of 1 to denote "true" right? otherwise drop.
yes, 1 is true and 0 is false.
[root@ve11c:Active:In Sync] config tclsh % expr {1 < 2} 1 % expr {1 > 2} 0 - NickN01_135377
Nitass, thanks great! thanks alot. I clearly need to get some practice in as an iRule newbie. And thanks for the tclsh tip too. Nice little feature. Ill have a read about for some more iRule fun...any pointers/ links would be much appreciated.
- nitassi think iRules 101 series here may be a good start. there are a few books written by Steven (What Lies Beneath) available at Amazon in case you want to take a look.
- NickN01_135377
Brillinat cheers mate...
