Hi jdeeby,
You could use LTM's data-groups as storage for your white-listed IPs and then use an iRule during the CLIENT_ACCEPTED event to compare the connecting [IP::client_addr] with your data-group information.
Data-Group Config:
    ltm data-group internal DG_MY_ALLOWED_IPs {
        records {
            1.1.1.1/32 {}
            2.2.2.0/24 {}
        }
        type ip
    }
iRule Syntax to drop the connection on a TCP layer:
    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals DG_MY_ALLOWED_IPs] } then {
            # Allow trusted clients
        } else {
            # Drop untrusted clients
            drop
        }
    }
Cheers, Kai