Forum Discussion

Nimbostratus

Jul 31, 2008

iRule to SNAT dependant on source address

Hey all, I'd like to configure and iRule and apply it to a VIP whereby it checks the source and if it is one of a list of IP addresses (or perhaps within a specific subnet). If it is I'...

Employee

Jul 31, 2008

Hi,

You can do this with a network range or a class, it is up to you:

you must use this command: IP::addr Click here

should look like this

 
 when CLIENT_ACCEPTED { 
     if {[IP::addr [IP::client_addr]/8 equals 10.0.0.0]} { 
         snat automap 
      } 
 } 
  
 with a class:  
 when CLIENT_ACCEPTED { 
     if {[matchclass [IP::client_addr] equals $::myIPs]} { 
         snat automap 
      } 
 } 
 where you created a datagroup myIPS which contains the list of IPs that should be snatted

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to SNAT dependant on source address

Jeff - May 2026 Featured F5er

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

certitcate error

Layered ASM for APM login page protection

migrate from serie I to R. Cluster LTM-GTM

APM URL encoding Hardening?

Trial License for F5 virtual edition in eve-ng

Related Content

The Power of Source Address

health monitor source IP address

Restsh is now available under an Open Source license!

source address persistence maximum session timeout

F5 Malicious Source IP Address Alert

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS