Forum Discussion
Richard_Young_1
Mar 16, 2012, Nimbostratus
iRule to limit number of out connections to a specific IP address
I need an iRule to block outgoing connection requests to a specific IP address after 1 connection is already established.
I looked at samples and was wondering if this iRule would work?
...
nitass
Mar 16, 2012, Employee
This is mine.

[root@ve1023:Active] config # b virtual wildcard list
virtual wildcard {
   ip forward
   snat automap
   destination any:any
   mask 0.0.0.0
   rules myrule
}
[root@ve1023:Active] config # b class exclude_dg list
class exclude_dg {
   host 8.8.8.8
}
[root@ve1023:Active] config # b rule myrule list
rule myrule {
   when RULE_INIT {
      set static::timeout indefinite
      set static::lifetime 180
   }
   when CLIENT_ACCEPTED {
      # Destinations listed in exclude_dg are not limited
      if {not [class match -- [IP::local_addr] equals exclude_dg]}{
         if {[table lookup -notouch [IP::local_addr]] == 1}{
            # An entry already exists for this destination: refuse, and keep
            # this connection's CLIENT_CLOSED from deleting that entry
            reject
            event CLIENT_CLOSED disable
         } else {
            # First connection to this destination: record it
            table set [IP::local_addr] 1 $static::timeout $static::lifetime
         }
      }
   }
   when CLIENT_CLOSED {
      # Connection closed: remove the entry for its destination
      table delete [IP::local_addr]
   }
}
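The rule above, modelled in Python as an added example that is not part of nitass's post: it replays constructed connection events to show what `event CLIENT_CLOSED disable` prevents, and that the 180-second lifetime frees the slot even while the first connection is still open. Assumptions: `SessionTable` and `replay` are hypothetical stand-ins for the BIG-IP session table and event handling, 192.0.2.10 is a constructed destination, and CLIENT_CLOSED is assumed to fire for a rejected connection unless the rule disables it.

```python
class SessionTable:
    """Model of the session table: key -> (value, absolute expiry time)."""
    def __init__(self):
        self.entries = {}

    def lookup(self, key, now):
        value, expires_at = self.entries.get(key, (None, 0))
        if value is not None and now >= expires_at:
            del self.entries[key]  # lifetime reached, entry is gone
            return None
        return value

    def set(self, key, value, lifetime, now):
        self.entries[key] = (value, now + lifetime)

    def delete(self, key):
        self.entries.pop(key, None)

def replay(events, exclude=("8.8.8.8",), lifetime=180, disable_close_on_reject=True):
    """Run (time, 'open'|'close', conn_id, dst_ip) events through the rule's logic."""
    table, verdict = SessionTable(), {}
    for now, kind, conn, dst in events:
        if kind == "open":
            if dst in exclude:                    # class match ... exclude_dg
                verdict[conn] = "accepted"
            elif table.lookup(dst, now) == 1:     # table lookup -notouch
                verdict[conn] = "rejected"
            else:                                 # table set, lifetime 180
                table.set(dst, 1, lifetime, now)
                verdict[conn] = "accepted"
        elif verdict[conn] == "accepted" or not disable_close_on_reject:
            table.delete(dst)                     # CLIENT_CLOSED
    return verdict

# Constructed events: (seconds, event, connection id, destination IP)
EVENTS = [
    (0, "open", "c1", "192.0.2.10"),    # takes the slot and stays open
    (5, "open", "c2", "192.0.2.10"),    # arrives while c1 is up
    (5, "close", "c2", "192.0.2.10"),   # close event of the rejected c2
    (10, "open", "c3", "192.0.2.10"),   # c1 still open
    (200, "open", "c4", "192.0.2.10"),  # c1 still open, 180 s lifetime passed
    (201, "open", "c5", "8.8.8.8"),     # listed in exclude_dg
    (202, "open", "c6", "8.8.8.8"),
]

if __name__ == "__main__":
    print(replay(EVENTS))
    print(replay(EVENTS, disable_close_on_reject=False))
```

In the model, raising `lifetime` keeps c4 rejected for as long as c1 holds the slot; the cost is that an entry whose close event is never processed then blocks the destination for that whole period.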