Forum Discussion
Norris_141656
Mar 10, 2014 (Nimbostratus)
iRule To Control Access Based on Source and Destination Addresses
Hi Guys
I am trying to work on an iRule for a virtual server that permits traffic from a couple of devices behind the BIG-IP (192.168.1.15 and 192.168.1.20) to a couple of FTP sites out on the i...
- Mar 11, 2014
You seem to have a good grasp, however I don't think I was paying enough attention when I made my other update. I only mentioned /Common/dg_ftp_out as you had referenced it but not defined it. I don't really see that it's necessary - you could get away with what's below instead;-
when CLIENT_ACCEPTED {
    # Drop the connection unless both the source and the destination are listed
    if { !([class match [IP::client_addr] equals dg_allowed_ftp_sources] && [class match [IP::local_addr] equals dg_allowed_ftp_destinations]) } {
        discard
        return
    }
}
IheartF5_45022
Mar 10, 2014 (Nacreous)
I think this would achieve the same....also you will need a /Common/dg_ftp_out
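when CLIENT_ACCEPTED {
    # Look up the name of the ACL data group assigned to this virtual server
    set ftp_acl [class match -value [virtual name] equals /Common/dg_ftp_out]
    if { ![class exists $ftp_acl] } {
        # No ACL data group for this virtual server: drop
        discard
        return
    } elseif { ![class match [IP::client_addr] equals $ftp_acl] } {
        # Source address is not in the ACL: drop
        discard
        return
    }
}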
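Added example (not part of either reply above, and not F5's own code): the source and destination check from the Mar 11 reply combined with the `class exists` guard from the Mar 10 reply, logging each denied connection so the ACL can be audited. The data group contents shown in the comments are assumptions; the destination addresses are constructed placeholders because the thread does not give them.

```tcl
# Assumed data groups (bigip.conf syntax). Sources are the two hosts named in
# the question; destination addresses are constructed placeholders.
#   ltm data-group internal dg_allowed_ftp_sources {
#       records { 192.168.1.15/32 { } 192.168.1.20/32 { } }
#       type ip
#   }
#   ltm data-group internal dg_allowed_ftp_destinations {
#       records { 203.0.113.10/32 { } 203.0.113.20/32 { } }
#       type ip
#   }
when CLIENT_ACCEPTED {
    set src [IP::client_addr]
    set dst [IP::local_addr]

    # Fail closed if either data group is missing (for example after a
    # configuration change removed or renamed it).
    foreach dg {dg_allowed_ftp_sources dg_allowed_ftp_destinations} {
        if { ![class exists $dg] } {
            log local0.warning "ftp-acl [virtual name]: data group $dg missing, dropping $src -> $dst"
            discard
            return
        }
    }

    # Evaluate each side separately so the log entry shows which check failed.
    set src_ok [class match $src equals dg_allowed_ftp_sources]
    set dst_ok [class match $dst equals dg_allowed_ftp_destinations]

    # Permit only when the source AND the destination are both listed.
    if { !($src_ok && $dst_ok) } {
        log local0.notice "ftp-acl [virtual name]: deny $src -> $dst:[TCP::local_port] src_ok=$src_ok dst_ok=$dst_ok"
        discard
        return
    }
}
```

The deny log lines give one record per dropped connection, which makes it possible to tell a misconfigured data group from a host that is attempting connections outside the allowed pairs.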