IRule to block all but a few members of a subnet

Question

For give the newbie question, but this will be all of the second iRule that I've ever had to write.  We've got a situation where a major application has failed, and we're moving it behind the LTM.  However, we'd like to make sure that it is working prior to the public pounding on it--which they will do the second it comes up, unless we block most of the world from accessing it, while allowing the testing team's ips through. I know it can be done, I'm just not sure where to start.

dennypayne · Answer

Since it's temporary, you could just use packet filters rather than writing a rule. 
  
 Or, something like:

when CLIENT_ACCEPTED { 
   if { not (IP::addr[IP::client_addr] equals "x.x.x.x") } { 
       add add'l IP's with an || operator if needed 
       discard 
     } 
 }

or if you create a Data Group (class) with your list of IP's:

when CLIENT_ACCEPTED { 
    if { not ( [matchclass $::data_group_name contains IP::addr[IP::client_addr]]) } { 
      discard 
   }  
 }

Denny

Forum Discussion

IRule to block all but a few members of a subnet

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

Using Client Subnet in DNS Requests

Implementing Client Subnet DNS Requests

Interrogate Pool Member Priority Group from iRule

Configuring Pool members in a separate subnet of self IP on a Virtual Server

DevCentral's Featured Member for February - Edouard Zorrilla

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS