Forum Discussion

Nimbostratus

Feb 09, 2010

iRule to mimic Cisco ACL for Forwarding VIP

Hi All, Can somebody please help me write an iRule that will permit/deny the outside world from accessing the real servers behind the F5??? For example I have an inside_v...

Cirrostratus

Feb 11, 2010

Hi Andy,

The default action for a forwarding VIP is to forward the connection with the destination IP address untranslated. So you don't need to specify forward in the iRule. You can just drop or reject any connections you don't want to forward.

If you don't use the forward command on the FastL4 VIP with a default pool configured, the VIP's pool will be used for requests which don't match the iRule logic for dropping/rejecting connections. If there isn't a pool configured the request will be dropped--not forwarded.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule to mimic Cisco ACL for Forwarding VIP

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Question regarding F5 Viprion Configuration Migration to VE.

Mutual TSL Between Two BigIPs

Big-Ip Edge Client specials characters problems

Which encyrtion algorithm is used when making Kerberos ticket encyrtion.

iControl for Gtm wideip

Related Content

BIG-IP DNS Forwarder Support via iRule

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

iRule to Forward Traffic Based on URL Name

Help with X-Forwarded-For iRule

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS