Forum Discussion

Nimbostratus

Mar 10, 2011

iRule to filter based on subnet

Greetings all, I have been reading some other forum posts about using iRules to filter client IP's, and I have come across some discussions about how to get subnets to work, but I am still a little lo...

Cirrostratus

Mar 10, 2011

Hi Gorf,

The switch statement you're using performs a string comparison of the client IP against the addresses. It would be more efficient to use an address type datagroup and 'matchclass' to do this. An address datagroup also supports subnets.

http://devcentral.f5.com/wiki/default.aspx/iRules/matchclass


when CLIENT_ACCEPTED {
   if { not ([matchclass [IP::client_addr] equals allowed_subnets_class]) } { 
      drop
   }
}

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to filter based on subnet

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

syslog over tcp and define management IP as source

Managing iRules configuration

Recommendation for Adv. Lab

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

How to configure ssh access by key on F5OS

Related Content

Using Client Subnet in DNS Requests

Implementing Client Subnet DNS Requests

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Implementing Client Subnet in DNS Requests

JSON-query'ish meta language for iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS