Forum Discussion

Nimbostratus

Aug 21, 2013

irule with data group list

I am trying to write a irule that will allow only certain subnets internally to be allowed to send email to this outgoing email server. Thought this below might do the trick, but no. Take remote IP...

application delivery

BIG-IP Access Policy Manager (APM)

Cirrostratus

Aug 21, 2013

Essentially not doing anything allows the connection through. drop or discard will drop the connection from the BIG-IP (but this is a bit brutal), reject will close it. To use this you want to invert your logic, like so:

if { not [class match [IP::remote_addr] equals smtp_relay_allowed] } {
    reject
}

Ideally what you want to do is actually respond with some valid SMTP indicating a denied connection.

Another non-iRule approach is to look at the Packet Filters feature.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

irule with data group list

Recent Discussions

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

Related Content

Intermediate iRules: Data-Groups

v11: iRules Data Group Updates

iRules Data Group Formatting Rules

Certified Kubernetes Administrator - Study Group

Interrogate Pool Member Priority Group from iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS