Forum Discussion
Woodman_42259
Feb 10, 2012 Nimbostratus
iRule to block a specific destination IP?
I have a TLM1600 (BIG-IP 10.2.0 Build) and need to block incoming traffic that is destined for a specific public IP address (not domain name). Will the following iRule work? Thanks!
when HTTP_...
nitass
Feb 10, 2012 Employee
Is it something like this?
[root@ve1023:Active] config b virtual bar list
virtual bar {
   snat automap
   pool gateway
   destination any:any
   mask 0.0.0.0
   ip protocol 6
   rules myrule
}
[root@ve1023:Active] config b pool gateway list
pool gateway {
   members 172.28.19.254:any {}
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
      if {[IP::addr [IP::local_addr] equals 8.8.8.8]} {
         reject
      }
   }
}
[root@ve1023:Active] config tcpdump -nni 0.0 host 8.8.8.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
16:30:04.985008 IP 200.200.200.101.44153 > 8.8.8.8.80: S 2127088066:2127088066(0) win 5840
16:30:04.985147 IP 8.8.8.8.80 > 200.200.200.101.44153: S 2373168066:2373168066(0) ack 2127088067 win 4380
16:30:04.985941 IP 200.200.200.101.44153 > 8.8.8.8.80: . ack 1 win 46
16:30:04.986134 IP 8.8.8.8.80 > 200.200.200.101.44153: R 1:1(0) ack 1 win 4380
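
The capture in the reply above shows the client's SYN answered with a SYN-ACK and the reset sent only after the client's ACK, so the rule refuses the connection after the TCP handshake rather than before it. The following is an added example, not part of the original thread: it parses tcpdump lines in this format and classifies each flow to the blocked address. The verdict names and function names are invented for the example.

```python
import re
from collections import defaultdict

# The four capture lines from the reply above (old-style tcpdump TCP output).
CAPTURE = """\
16:30:04.985008 IP 200.200.200.101.44153 > 8.8.8.8.80: S 2127088066:2127088066(0) win 5840
16:30:04.985147 IP 8.8.8.8.80 > 200.200.200.101.44153: S 2373168066:2373168066(0) ack 2127088067 win 4380
16:30:04.985941 IP 200.200.200.101.44153 > 8.8.8.8.80: . ack 1 win 46
16:30:04.986134 IP 8.8.8.8.80 > 200.200.200.101.44153: R 1:1(0) ack 1 win 4380
"""

# "<time> IP <src>.<port> > <dst>.<port>: <flags> <rest>"
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\S+)(.*)$")

def verdict(events):
    """Map one flow's ordered events to a verdict (names invented for this example)."""
    if "s:RST" in events:
        done = {"s:SYNACK", "c:ACK"} <= set(events[:events.index("s:RST")])
        return "reset-after-handshake" if done else "reset-before-handshake"
    if "s:SYNACK" in events:
        return "answered-not-reset"      # the block did not take effect
    return "no-response"                 # SYN seen, nothing came back

def classify(capture, blocked_ip):
    """Return {(client_ip, client_port, dst_port): verdict} for flows to blocked_ip."""
    flows = defaultdict(list)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                     # not a TCP line in the expected format
        src, sport, dst, dport, flags, rest = m.groups()
        if dst == blocked_ip:            # client -> blocked destination
            key, side = (src, int(sport), int(dport)), "c"
        elif src == blocked_ip:          # reply sourced from the blocked address
            key, side = (dst, int(dport), int(sport)), "s"
        else:
            continue
        ack = " ack " in rest
        if "R" in flags:
            flows[key].append(side + ":RST")
        elif "S" in flags:
            flows[key].append(side + (":SYNACK" if ack else ":SYN"))
        elif ack:
            flows[key].append(side + ":ACK")
    return {key: verdict(events) for key, events in flows.items()}

if __name__ == "__main__":
    for flow, result in classify(CAPTURE, "8.8.8.8").items():
        print(flow, result)
```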