Forum Discussion
iRule to restrict TCP and UDP to the same range of ports.
Like the title says, I'm trying to make an iRule to restrict ports to a VS.
I was trying to use the following, but getting an error.

    when CLIENT_ACCEPTED {
        if {([TCP::local_port] >= 10514 ) && ([TCP::local_port] <= 10526) || ([TCP::local_port] >= 514 ) && ([TCP::local_port] <= 515) } {
            pool Pool_Name
        }
        elseif {([UDP::local_port] >= 10514 ) && ([UDP::local_port] <= 10526) || ([UDP::local_port] >= 514 ) && ([UDP::local_port] <= 515) } { pool Pool_Name } else reject
    }

The error doesn't help me understand where my mistake is.

    01070151:3: Rule [/Common/SPL-PRD-SYS-restricted] error: /Common/SPL-PRD-SYS-restricted:6: error: [undefined procedure: elseif][elseif {([UDP::local_port] >= 10514 ) && ([UDP::local_port] <= 10526) || ([UDP::local_port] >= 514 ) && ([UDP::local_port] <= 515) } { pool Pool_Name } else reject]
Thanks
2 Replies
You're missing some curly brackets. Try this:

    when CLIENT_ACCEPTED {
        if {([TCP::local_port] >= 10514 ) && ([TCP::local_port] <= 10526) || ([TCP::local_port] >= 514 ) && ([TCP::local_port] <= 515) } {
            pool Pool_Name
        } elseif {([UDP::local_port] >= 10514 ) && ([UDP::local_port] <= 10526) || ([UDP::local_port] >= 514 ) && ([UDP::local_port] <= 515) } {
            pool Pool_Name
        } else {
            reject
        }
    }

/Patrik
I might do it like this instead as it's easier to read.

    when CLIENT_ACCEPTED {
        # Check which protocol and set the port variable
        if { [IP::protocol] == 6 } {
            # 6 means TCP
            set port [TCP::local_port]
        } elseif { [IP::protocol] == 17 } {
            # 17 means UDP
            set port [UDP::local_port]
        } else {
            # Unhandled protocol
            set port 0
        }
        # Make sure the ports are between 10514 and 10526 OR 514, then select the pool
        if { ($port >= 10514 && $port <= 10526) || $port == 514 } {
            pool Pool_Name
        } else {
            reject
        }
    }

/Patrik
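
A table-driven variant of the same port restriction, as an added example that is not part of the original thread: it goes beyond the replies by keeping the allowed ranges in one list and logging each rejected connection. The variable name `static::allowed_ranges` and the log message format are assumptions; the ranges 514-515 and 10514-10526 and `Pool_Name` come from the question.

```tcl
when RULE_INIT {
    # Allowed destination port ranges as {low high} pairs.
    # Values are the two ranges from the original question.
    set static::allowed_ranges { {514 515} {10514 10526} }
}

when CLIENT_ACCEPTED {
    # IP::protocol returns the IP protocol number: 6 = TCP, 17 = UDP.
    # Only call the TCP:: or UDP:: command that matches the protocol in use.
    switch -- [IP::protocol] {
        6       { set port [TCP::local_port] }
        17      { set port [UDP::local_port] }
        default { set port 0 }
    }

    # Default deny: the connection is allowed only if the port
    # falls inside one of the listed ranges (bounds inclusive).
    set allowed 0
    foreach range $static::allowed_ranges {
        set low  [lindex $range 0]
        set high [lindex $range 1]
        if { $port >= $low && $port <= $high } {
            set allowed 1
            break
        }
    }

    if { $allowed } {
        pool Pool_Name
    } else {
        # Record what was refused so port scans against the virtual
        # server show up in the logs. This writes one line per rejected
        # connection, so expect volume on an exposed listener.
        log local0. "Rejected [IP::client_addr] proto [IP::protocol] port $port"
        reject
    }
}
```

Adding or removing a range then means editing only the list in `RULE_INIT`, and the same check applies to both protocols.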