Forum Discussion

Greenberg's avatar
Greenberg
Icon for Nimbostratus rankNimbostratus
Mar 08, 2012

iRule to Limit Connections from Source IP to Destination IP

Guys,     Novice to iRules brings himself before you.     I've been given a requirement to Limit the number of Connections from a number of Source Hosts to a Destination.     This ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 08, 2012
Hi Chris,

It looks like you're limiting concurrent client connections. Do you have one destination IP to check? If so, you could add this check first in CLIENT_ACCEPTED:


when CLIENT_ACCEPTED {
   if { not [IP::addr [IP::local_addr] equals 1.1.1.1] }{
      return
   }
   ...

If you have more than one destination IP to check you could use a data group:


when CLIENT_ACCEPTED {
   if { not [class match [IP:local_addr] equals conn_limit_destinations_dg] }{
      return
   }
   ...

Either way, if you're not creating a subtable entry on every connection, you'd want to check if $key had been defined for that connection before trying to remove the key:


when CLIENT_CLOSED {
   if {[info exists key]}{
      table delete -subtable $tbl $key
   }
}

Aaron