Forum Discussion

Richard_Young_1
Mar 16, 2012

iRule to limit number of outgoing connections to a specific IP address

I need an iRule to block outgoing connection requests to a specific IP address after 1 connection is already established.

I looked at samples and was wondering if this iRule would work?

Also, I would want to add a specific port to the IP address so that the connections would be limited to 1 to, say, 172.20.155.144 port 2301.


    bigpipe rule '_blocktcp_connections {
    when RULE_INIT {
       set ::max_connections 1
       set ::active_connections 0
    }
    when CLIENT_ACCEPTED {
       # this should allow all other connections to pass
       if { not [IP::addr [IP::local_addr] equals 172.20.155.144] } {
          return
       }
       # this should prevent additional connections to destination
       if { $::active_connections >= $::max_connections } {
          reject
          # a rejected connection must not decrement the counter below
          event CLIENT_CLOSED disable
          return
       }
       incr ::active_connections
    }
    when CLIENT_CLOSED {
       # only connections to the limited destination were counted
       if { [IP::addr [IP::local_addr] equals 172.20.155.144] } {
          incr ::active_connections -1
       }
    }'
  • this is mine.

    [root@ve1023:Active] config  b virtual wildcard list
    virtual wildcard {
       ip forward
       snat automap
       destination any:any
       mask 0.0.0.0
       rules myrule
    }
    [root@ve1023:Active] config  b class exclude_dg list
    class exclude_dg {
       host 8.8.8.8
    }
    [root@ve1023:Active] config  b rule myrule list
    rule myrule {
       when RULE_INIT {
          set static::timeout indefinite
          set static::lifetime 180
       }
       when CLIENT_ACCEPTED {
          if { not [class match -- [IP::local_addr] equals exclude_dg] } {
             if { [table lookup -notouch [IP::local_addr]] == 1 } {
                reject
                event CLIENT_CLOSED disable
             } else {
                table set [IP::local_addr] 1 $static::timeout $static::lifetime
             }
          }
       }
       when CLIENT_CLOSED {
          table delete [IP::local_addr]
       }
    }
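To do what the question asks (limit connections to one specific IP and port, rather than to every destination outside a class), here is an added iRule example that is not the thread's own code; the address, port and limit are constructed values, and it uses the table approach from the reply above but with `table incr`, so the check and the count happen in one operation.

```tcl
when RULE_INIT {
    # Constructed values for this example: the destination to limit and the
    # maximum number of concurrent connections allowed to it.
    set static::limit_dst  "172.20.155.144"
    set static::limit_port 2301
    set static::max_conns  1
}

when CLIENT_ACCEPTED {
    # Only flows to the limited IP:port are counted; everything else passes.
    set counted 0
    if { [IP::addr [IP::local_addr] equals $static::limit_dst] &&
         [TCP::local_port] == $static::limit_port } {
        set key "conns:${static::limit_dst}:${static::limit_port}"
        # table incr is atomic and returns the new value, so two flows that
        # arrive at once cannot both read 0 and both be admitted, which a
        # separate lookup followed by a set would allow.
        set n [table incr $key]
        if { $n > $static::max_conns } {
            # Over the limit: undo our increment and refuse the connection.
            table incr -mustexist $key -1
            reject
            return
        }
        # Keep the counter for as long as the connection lives; CLIENT_CLOSED
        # decrements it when the connection ends.
        table timeout $key indefinite
        set counted 1
    }
}

when CLIENT_CLOSED {
    # Local variables set in CLIENT_ACCEPTED are still visible here, so only
    # connections that were actually counted are decremented.
    if { $counted } {
        table incr -mustexist $key -1
    }
}
```

The trade-off of the indefinite timeout is that a connection which ends without CLIENT_CLOSED firing leaves the count one too high; the reply's 180-second lifetime bounds that, at the cost of admitting extra connections once the entry expires.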