Forum Discussion
Jorge_48257
Apr 22, 2011 | Nimbostratus
iRule to drop port request
How can I drop requests to a VIP on TCP ports 110 and 143 on an LTM running version 10.2.0? I've tried the following but it does not seem to work:
if { [TCP::local_port] != 110} { drop }
I get line 1: [...
nitass
Apr 22, 2011 | Employee
It's verified accept in the TCP profile. Anyway, it's available only in v10.
sol7559: Overview of the TCP profile
http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7559.html
I used reject instead of drop since I'd like to see an error when connecting to port 22.
virtual bar {
   snat automap
   pool foo
   destination 172.28.17.33:any
   ip protocol tcp
   rules myrule
   profiles mytcp {}
}
pool foo {
   members 10.10.70.110:any {}
}
rule myrule {
   when CLIENT_ACCEPTED {
      if {[TCP::local_port] == 22} {
         reject
      }
   }
}
profile tcp mytcp {
   defaults from tcp
   verified accept enable
}
ssh 172.28.17.33
ssh: connect to host 172.28.17.33 port 22: Connection refused
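The same approach applied to the ports in the original question, as an added example (not code from either poster). It assumes the rule is attached to a wildcard-port virtual server like bar above; the log facility and message format are choices made for this example.

```tcl
# Added example: block POP3 (110) and IMAP (143) on a wildcard-port virtual server.
# iRule commands must sit inside an event block. CLIENT_ACCEPTED fires when a
# client connection to the virtual server is accepted.
when CLIENT_ACCEPTED {
    switch [TCP::local_port] {
        110 -
        143 {
            # Record the blocked attempt (local0 messages go to /var/log/ltm).
            log local0.info "blocked [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
            # drop discards the connection without notifying the client.
            # Use reject instead to send a TCP RST, which the client
            # reports as "Connection refused" (as in the ssh test above).
            drop
            return
        }
    }
    # Any other destination port falls through to the pool as usual.
}
```

Matching on the ports to block (rather than `!= 110`, which matches every port except 110) keeps the rest of the wildcard virtual server reachable.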