Forum Discussion

Cirrus

Mar 15, 2018

iRule to only allow traffic from US, Canada and private networks....

We have a current iRule that only accepts traffic from the US or private networks ( non-routable ). Shown below : when CLIENT_ACCEPTED { if {not ([whereis [IP::client_addr] country] eq "US") and ...

Nacreous

Mar 15, 2018

Canada has a country code of 'CA' (see https://www.iso.org/obp/ui/search ) you could add another 'and' like the one for 'US' It might however be easier to maintain if you create a datagroup with the country codes, much like you've done with the IP addresses

for example:

when CLIENT_ACCEPTED {
  if {!([class match [whereis [IP::client_addr] country] equals "country_dg"]) && !([class match [IP::client_addr] equals "private_net"])}{
    reject
  }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to only allow traffic from US, Canada and private networks....

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How APM GET IOS UUID & Andriod MAC

Expired client-certificate

F5 Big-IP Trust Internal CA Chain certificates for Web Servers

XC - geo LB to the origin servers

Floating Ip Problem

Related Content

Understanding Performance Metrics and Network Traffic

Using F5 Distributed Cloud Network Connect to transit, route, & secure private cloud environments

What is Multi-Cloud Networking?

Demo Guide & Video Series for F5 Distributed Cloud Network Connect (Multi-Cloud Networking)

F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS