F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

DWillis_251723's avatar
DWillis_251723
Icon for Nimbostratus rankNimbostratus
Mar 30, 2016

iRule to allow only TCP port 444, 8000, and 9001

I am configuring a VIP using port 0 to allow all traffic and an iRule to drop everything but TCP ports 444, 8000, and 9001 but my iRule syntax is not being accepted. Here is what I was attempting to...
application delivery
iRules
arpydays's avatar
arpydays
Icon for Nimbostratus rankNimbostratus
Mar 30, 2016

couple of things, you are missing a closed parenthesis, I'm guessing you want to use the dest ports on the client connection not the source ports so you could use TCP::local_port, also no need to negate the equals if you already have a NOT at the end. This should work for you.

when CLIENT_ACCEPTED {
    if { not ([TCP::local_port] eq 444 or [TCP::local_port] eq 8000 or [TCP::local_port] eq 9001) } {  
      drop
    } 
}