For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Greg__33907's avatar
Greg__33907
Icon for Nimbostratus rankNimbostratus
Jul 31, 2008

iRule to SNAT dependant on source address

Hey all,     I'd like to configure and iRule and apply it to a VIP whereby it checks the source and if it is one of a list of IP addresses (or perhaps within a specific subnet). If it is I'...
application delivery
dev
devops
iRules
Nicolas_Menant's avatar
Nicolas_Menant
Icon for Employee rankEmployee
Jul 31, 2008
Hi,

You can do this with a network range or a class, it is up to you:

you must use this command: IP::addr Click here

should look like this 

 
 when CLIENT_ACCEPTED { 
     if {[IP::addr [IP::client_addr]/8 equals 10.0.0.0]} { 
         snat automap 
      } 
 } 
  
 with a class:  
 when CLIENT_ACCEPTED { 
     if {[matchclass [IP::client_addr] equals $::myIPs]} { 
         snat automap 
      } 
 } 
 where you created a datagroup myIPS which contains the list of IPs that should be snatted