iRule to Limit Connections from Source IP to Destination IP

Guys,

 

 

Novice to iRules brings himself before you.

 

 

I've been given a requirement to Limit the number of Connections from a number of Source Hosts to a Destination.

 

 

This is where I've gotten to:-

 

 

bigpipe class 'conn_limit_Pi {

 

host <> {"<>"}

 

}'

 

bigpipe rule '_Pi_throttle_tcp_connections {

 

when CLIENT_ACCEPT {

 

set limit [class match [IP:client_addr] equals conn_limit_Pi]

 

set tbl "connlimit:[IP:client_addr]"

 

set key "[IP::client_addr][TCP::client_port]"

 

if { [table keys -subtable $tbl -count] >= $limit } {

 

reject

 

} else {

 

table set -subtable $tbl $key "ignored" <>

 

}

 

}

 

when CLIENT_CLOSED {

 

table delete -subtable $tbl $key

 

}'

 

 

Unfortunately I am unable to find how to target the Destination. Would another "Class" Statement do the Trick? And if so, how would I introduce this into the iRule to Target the Destination if ir Orginates from the Specific Source.

 

 

Thanks in Advance.

 

 

Chris.