Forum Discussion

Woodman_42259
Feb 10, 2012

iRule to block a specific destination IP?

I have a TLM1600 (BIG-IP 10.2.0 Build) and need to block incoming traffic that is destined for a specific public IP address (not domain name). Will the following iRule work? Thanks!

when HTTP_REQUEST {
   if { [string match {*[x.x.x.x]*} [HTTP::header host]] } {
      discard
   }
}
  • is it something like this?

    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool gateway
       destination any:any
       mask 0.0.0.0
       ip protocol 6
       rules myrule
    }
    [root@ve1023:Active] config  b pool gateway list
    pool gateway {
       members 172.28.19.254:any {}
    }
    [root@ve1023:Active] config  b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
          if { [IP::addr [IP::local_addr] equals 8.8.8.8] } {
             reject
          }
       }
    }
    
    [root@ve1023:Active] config  tcpdump -nni 0.0 host 8.8.8.8
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
    16:30:04.985008 IP 200.200.200.101.44153 > 8.8.8.8.80: S 2127088066:2127088066(0) win 5840 
    16:30:04.985147 IP 8.8.8.8.80 > 200.200.200.101.44153: S 2373168066:2373168066(0) ack 2127088067 win 4380 
    16:30:04.985941 IP 200.200.200.101.44153 > 8.8.8.8.80: . ack 1 win 46 
    16:30:04.986134 IP 8.8.8.8.80 > 200.200.200.101.44153: R 1:1(0) ack 1 win 4380
    
  • in case of using fastl4 profile.

    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool gateway
       destination any:any
       mask 0.0.0.0
       ip protocol 6
       rules myrule
       profiles fastL4 {}
    }
    
    [root@ve1023:Active] config  tcpdump -nni 0.0 host 8.8.8.8
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
    16:32:51.479054 IP 200.200.200.101.44154 > 8.8.8.8.80: S 26962956:26962956(0) win 5840 
    16:32:51.479118 IP 8.8.8.8.80 > 200.200.200.101.44154: R 0:0(0) ack 26962957 win 0
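As an added example (not code from the original thread, and not F5's own code), here is the CLIENT_ACCEPTED check from the reply extended to a list of blocked destinations, with a log line so blocked connections show up in /var/log/ltm. It assumes an address-type data group named blocked_destinations exists on the BIG-IP; that name is hypothetical. Two practitioner notes on the HTTP_REQUEST version in the question: in Tcl's string match, the square brackets in {*[x.x.x.x]*} form a character class, so the pattern matches any single character from that set rather than the literal address; and the Host header is supplied by the client and says nothing reliable about the IP the packet was actually sent to. Testing IP::local_addr in CLIENT_ACCEPTED fires for every TCP connection on the virtual, HTTP or not, and needs no HTTP profile.

```tcl
# Added example: block connections to specific destination IPs at connection
# setup. IP::local_addr is the address the client connected to (the VIP side
# of the virtual server), which is what the question asks about;
# IP::client_addr is the source address.
when CLIENT_ACCEPTED {
    # Single hard-coded destination, as in the reply above.
    if { [IP::addr [IP::local_addr] equals 8.8.8.8] } {
        log local0. "blocked [IP::client_addr] -> [IP::local_addr] (hard-coded entry)"
        # reject sends a TCP RST, which is what the tcpdump output above shows.
        reject
        return
    }

    # Several destinations kept in an address data group. The data group name
    # "blocked_destinations" is assumed for this example; create it with the
    # host and network entries you want blocked before referencing it here.
    if { [class match [IP::local_addr] equals blocked_destinations] } {
        log local0. "blocked [IP::client_addr] -> [IP::local_addr] (data group entry)"
        # drop discards the connection silently instead of answering with a RST;
        # use whichever behaviour you want the client to observe.
        drop
        return
    }
}
```

With a standard TCP profile the BIG-IP has already completed the three-way handshake before CLIENT_ACCEPTED runs, so the client sees SYN, SYN-ACK, ACK and then the RST, as in the first capture; with fastL4 the SYN is answered directly with a RST, as in the second. Either way the traffic never reaches the pool.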