Bastien_124165
Oct 27, 2016

iRule to block established connections

I have an iRule to block a range of IPs, but it uses the CLIENT_ACCEPTED event. I'm trying to do the same against established connections, e.g. I want to block an attack from an IP.

I've seen this, but it doesn't seem like it's working.

I'd like to block any protocol, so I can't just use when HTTP_REQUEST.

Any suggestions?


  • Hi,

    I think the link you shared is missing TCP::collect within the CLIENT_ACCEPTED event. So, as a first shot, I think you may try adding that statement, e.g.:

    when CLIENT_ACCEPTED {
      # Log the current contents of the blacklist data group
      log local0. "\[class get blacklist\]=[class get blacklist]"
      # Start collecting TCP payload so the CLIENT_DATA event fires
      TCP::collect
    }

    I hope it helps.
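
One way to combine the CLIENT_ACCEPTED check from the question with the TCP::collect suggestion above, as an added example that is not part of the original thread or of the linked iRule. It assumes `blacklist` is an address-type data group and that the virtual server carries a TCP profile; the log wording is illustrative.

```tcl
# Added example: re-evaluate the blacklist on every client segment so that an
# address added to the data group after the handshake is cut off on its next
# packet, regardless of the application protocol.
# Assumption: "blacklist" is an address-type data group, so "equals" matches
# both single hosts and subnets.

when CLIENT_ACCEPTED {
    # New connections: refuse immediately if the source is already listed.
    if { [class match [IP::client_addr] equals blacklist] } {
        log local0. "blacklist: rejected new connection from [IP::client_addr]"
        reject
        return
    }
    # Hold the payload so CLIENT_DATA fires for this connection.
    TCP::collect
}

when CLIENT_DATA {
    # Established connections: the data group is consulted again each time
    # the client sends data, so later additions to the list take effect here.
    if { [class match [IP::client_addr] equals blacklist] } {
        log local0. "blacklist: reset established connection from [IP::client_addr]"
        reject
        return
    }
    # Not listed: forward what was collected, then arm collection again so the
    # next segment is checked as well.
    TCP::release
    TCP::collect
}
```

A connection is only re-checked when the client sends another segment, so an idle established connection from a listed address stays in the connection table until it next transmits or times out.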