Forum Discussion
hc_andy_35682
Nimbostratus
Feb 09, 2010
iRule to mimic Cisco ACL for Forwarding VIP
Hi All,
Can somebody please help me write an iRule that will permit/deny the outside world from accessing the real servers behind the F5?
For example I have an inside_v...
hoolio
Cirrostratus
Feb 10, 2010
Hi Andy,
Thanks for clarifying; you were on the right track. LTM is stateful in that it tracks the ICMP request in its connection table and allows the response back to the client that originated the request. This is the same behavior for TCP and UDP. The Google host wouldn't be able to originate requests through the LTM VIP as it's not in the trusted address datagroup.
You could (and should) only enable the forwarding virtual server on the internal VLAN that the hosts you want to allow are on. This adds another layer of protection against accidental routing of unwanted traffic through LTM.
Aaron
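The behaviour described in the reply above, as an added Python model (not part of the original thread and not F5 code): a trusted inside host originates a flow, the reply is passed because of the connection-table entry, and an outside host cannot originate one. The class and field names, VLAN names and addresses are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    vlan: str        # ingress VLAN name (hypothetical: "internal" / "external")
    proto: str       # "icmp", "tcp" or "udp"
    src: str
    dst: str
    flow_id: tuple   # (echo_id,) for ICMP, (sport, dport) for TCP/UDP

class ForwardingVip:
    """Simplified model of a forwarding virtual server plus trusted-source check."""

    def __init__(self, trusted, enabled_vlans):
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.enabled_vlans = set(enabled_vlans)
        self.conn_table = set()

    @staticmethod
    def _key(p, reverse=False):
        if reverse:
            return (p.proto, p.dst, p.src, p.flow_id[::-1])
        return (p.proto, p.src, p.dst, p.flow_id)

    def handle(self, p):
        # 1. Packets of a tracked flow pass in either direction (stateful).
        if self._key(p) in self.conn_table or self._key(p, True) in self.conn_table:
            return "forward (existing connection)"
        # 2. New flows are accepted only on VLANs where the virtual server is enabled.
        if p.vlan not in self.enabled_vlans:
            return "drop (no listener on VLAN)"
        # 3. Only sources in the trusted address list may originate a flow.
        addr = ipaddress.ip_address(p.src)
        if not any(addr in net for net in self.trusted):
            return "drop (source not trusted)"
        self.conn_table.add(self._key(p))
        return "forward (new connection)"

def demo(enabled_vlans=("internal",)):
    # Constructed sample traffic; 203.0.113.10 stands in for the outside host.
    vip = ForwardingVip(trusted=["10.1.1.0/24"], enabled_vlans=enabled_vlans)
    request = Packet("internal", "icmp", "10.1.1.5", "203.0.113.10", (7,))
    reply = Packet("external", "icmp", "203.0.113.10", "10.1.1.5", (7,))
    probe = Packet("external", "tcp", "203.0.113.10", "10.1.1.5", (40000, 22))
    return [vip.handle(p) for p in (request, reply, probe)]

if __name__ == "__main__":
    print(demo())
    print(demo(enabled_vlans=("internal", "external")))
```

With the virtual server enabled only on the internal VLAN, the outside probe is dropped before the trusted-address check is reached; with it enabled on both VLANs, the check is the only thing stopping it.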