Forum Discussion

Nimbostratus

Dec 10, 2018

Irules for a specific tcp ports and https

Hello everyone I am not expert in F5, and I need help with a VIP for all ports, and I only need to allow the ports 443 and from the TCP 7000 to 7010 Currently I have this configuration: ...

Cumulonimbus

Dec 10, 2018

Hi,

you can test this irule:

when CLIENT_ACCEPTED { 

log local0. "Accepted--start iRule" 
if {([TCP::client_port] <= 1000  && [TCP::client_port] >= 65000) && ([TCP::local_port] == 443) } {
     do nothing
} else {
    log local0. "[IP::client_addr] rejected on TCP [TCP::client_port]" 
    reject

}
}

For info:

[TCP::client_port]

is your source/local port in your context (clientside)

[TCP::local_port]

is your destination port in your context (clientside)

This article can help you:

https://devcentral.f5.com/Wiki/iRules.TCP__local_port.ashx

regards

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Irules for a specific tcp ports and https

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Will a port specific VIP override an ANY VIP?

Response port masking

check the utilization on specific node

iRule for traffic redirect to a specific port based on URI

SSL Offloading for specific IPs or range of IPs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS