Forum Discussion
DWillis_251723
Nimbostratus
Mar 30, 2016
iRule to allow only TCP port 444, 8000, and 9001
I am configuring a VIP using port 0 to allow all traffic and an iRule to drop everything but TCP ports 444, 8000, and 9001 but my iRule syntax is not being accepted. Here is what I was attempting to...
arpydays
Nimbostratus
Mar 30, 2016
Couple of things: you are missing a closed parenthesis. I'm guessing you want to use the dest ports on the client connection, not the source ports, so you could use TCP::local_port. Also, no need to negate the equals if you already have a NOT at the end. This should work for you.
when CLIENT_ACCEPTED {
    if { not ([TCP::local_port] eq 444 or [TCP::local_port] eq 8000 or [TCP::local_port] eq 9001) } {
        drop
    }
}
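The same allow-list written with a switch and with logging of what gets dropped, as an added example that is not part of the original thread. It assumes the virtual server is a TCP virtual on port 0 as described in the question; the log message format is made up for illustration.

```tcl
when CLIENT_ACCEPTED {
    # TCP::local_port on the client side is the destination port the client
    # connected to on the virtual server, which is what the allow-list is about.
    switch -- [TCP::local_port] {
        444 -
        8000 -
        9001 {
            # Allowed port: do nothing, the connection continues to the pool.
        }
        default {
            # Anything else: record who tried which port, then silently drop.
            log local0.info "port filter: dropped [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
            drop
        }
    }
}
```

On a port 0 virtual server exposed to scanners the log line fires for every dropped connection, so keep it for troubleshooting or send it to a remote log destination rather than leaving it on permanently.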
