Forum Discussion
grilledcheez_21
Nimbostratus
NimbostratusiRule to allow only some IPs, Data traffic.
Hello,
I'm trying to create an iRule for only allowing certain IPs through to a VIP. I was given this iRule by a co-worker, but it doesn't seem to work. All traffic appears to be getting blocked. I...
Couple things. Try adding
and put your reject in theIP::addr
command.defaultwhen CLIENT_ACCEPTED { switch [IP::addr [IP::client_addr]] { 10.XX.XX.XX - 10.XX.XX.XX - 10.XX.XX.XX - 10.XX.XX.XX - 10.XX.XX.XX - 10.XX.XX.XX { return } default { reject log local0. "Connection rejected from [IP::client_addr]" } } }
Brad_Parker_139
Nacreous
NacreousCouple things. Try adding
IP::addrdefaultwhen CLIENT_ACCEPTED {
switch [IP::addr [IP::client_addr]] {
10.XX.XX.XX -
10.XX.XX.XX -
10.XX.XX.XX -
10.XX.XX.XX -
10.XX.XX.XX -
10.XX.XX.XX { return }
default {
reject
log local0. "Connection rejected from [IP::client_addr]"
}
}
}
Brad_Parker_139Nacreous
NacreousAlso, if you ever plan on expanding the list of allowed IPs a data group would be better to manage.
when CLIENT_ACCEPTED {
if { [class match [IP::addr [IP::client_addr]] equals allowedIPs_dg] }{
return
}
else {
reject
log local0. "Connection rejected from [IP::client_addr]"
}
}