Forum Discussion

Norris_141656's avatar
Norris_141656
Icon for Nimbostratus rankNimbostratus
Mar 10, 2014

iRule To Control Access Based on Source and Destination Addresses

Hi Guys I am trying to work on a iRule for a virtual server that permits traffic from a couple of devices behind the the BIG-IP (192.168.1.15 and 192.168.1.20) to a couple of FTP sites out on the i...
  • IheartF5_45022's avatar
    Mar 11, 2014

    You seem to have a good grasp, however I don't think I was paying enough attention when I made my other update. I only mentioned /Common/dg_ftp_out as you had referenced it but not defined it. I don't really see that it's necessary - you could get away with what's below instead;-

    when CLIENT ACCEPTED {
       if {!([class match [IP::client_addr] equals dg_allowed_ftp_sources] && [class match [IP::local_addr] equals dg_allowed_ftp_destinations])} { 
          discard
          return
       }
    }