F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

jdeeby_270877's avatar
jdeeby_270877
Icon for Nimbostratus rankNimbostratus
Jan 30, 2018

irule to only allow specified IPs to connect to Vitrual

Hello I am looking to create an irule that will only allow connections to a VIP from a list or allowed IP's. Does anyone have a solution that they have used in the past with success on this?   My...
application delivery
iRules
LTM
security
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 30, 2018

Hi jdeeby,

you could use LTMs data-groups as a storage for your white-listed IPs and then use an iRule during 

CLIENT_ACCEPTED
event, to compare the connecting 
[IP::client_addr]
with your data-group information.

Data-Group Config:

ltm data-group internal DG_MY_ALLOWED_IPs {
    records {
        1.1.1.1/32 {}
        2.2.2.0/24 {}
    }
    type ip
}

iRule Syntax to drop the connection on a TCP layer:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals DG_MY_ALLOWED_IPs] } then {
         Allow trusted clients
    } else {
         Drop untrusted clients
        drop
    }
}

Cheers, Kai