For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sstafford's avatar
sstafford
Icon for Nimbostratus rankNimbostratus
Apr 03, 2009

IRule to block all but a few members of a subnet

For give the newbie question, but this will be all of the second iRule that I've ever had to write. We've got a situation where a major application has failed, and we're moving it behind the LTM. Ho...
application delivery
dev
devops
iRules
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
Apr 03, 2009
Since it's temporary, you could just use packet filters rather than writing a rule.

Or, something like: 

 
 when CLIENT_ACCEPTED { 
   if { not (IP::addr[IP::client_addr] equals "x.x.x.x") } { 
       add add'l IP's with an || operator if needed 
       discard 
     } 
 }

or if you create a Data Group (class) with your list of IP's: 

 
 when CLIENT_ACCEPTED { 
    if { not ( [matchclass $::data_group_name contains IP::addr[IP::client_addr]]) } { 
      discard 
   }  
 }

Denny