Forum Discussion

hc_andy_35682's avatar
hc_andy_35682
Icon for Nimbostratus rankNimbostratus
Feb 09, 2010

iRule to mimic Cisco ACL for Forwarding VIP

Hi All,     Can somebody please help me write an iRule that will permit/deny the outside world from accessing the real servers behind the F5???     For example I have an inside_v...
application delivery
dev
devops
iRules
hc_andy_35682's avatar
hc_andy_35682
Icon for Nimbostratus rankNimbostratus
Feb 09, 2010
Great!!! Thanks a bunch Aaron.

 

 

I read this article you mentioned and it's doing exactly what I want.

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/AccessControlBasedOnIP.html

 

 

Quick question...say from the real server I ping www.google.com (which isn't listed in the trustedAddresses class).

 

 

I'm still getting a reply back from google. This is great but I was wondering that given google ip's are not in the trustedAddresses classs, why am I getting a ping response back. I can only suspect that because the connection was initiated from the real server that the F5 implements some tracking like how a Cisco ACL might do it with a "permit tcp any any established" command.

 

 

Can someone please explain why this might be happening? Thanks.

 

 

Andy