irules to check if the client IP belongs to the Pool

Question

Hi
I'm trying to write an irule to do selective SNAT but i get an error saying
invalid IP network mask specification (line 2) invoked from within "IP::addr [IP::client_addr] equals [active_members -list [LB::server pool]]" 
Here you are my irule
when CLIENT_ACCEPTED {
    Check if the client IP address is a node in the VIP's default pool
    if { [IP::addr [IP::client_addr] equals [active_members -list [LB::server pool]]] }{
  log local0. "SNAT'ing for [active_nodes -list [LB::server pool]] , member of pool [LB::server pool]"
  snat automap

}
   else { 
      snat none 
      log "snat none [IP::client_addr] [IP::remote_addr] "} 
}
I don't know what is wrong...
Thank you for your help

nathe · Answer

Laurent,&nbsp;
"active_members -list" will return the IP address and port, so something like 192.1.1.1 80 for example. This then won't match the IP::addr / IP::client_addr commands I'm afraid.&nbsp;
My quick thoughts would be to create a datagroup instead, using the pool members. Something like 192.1.1.1/32 and do a lookup to this datagroup instead of the pool.&nbsp;
Perhaps not perfect but an option. Perhaps better iRulers here might have better options.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

irules to check if the client IP belongs to the Pool

1 Reply

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 rSeries 4600 support 3rd Party SFP

no upload file .docx

F5 LACP

F5 BGP Peering in Active /Standby Cluster

AS3 Storage

Related Content

iRule based RADIUS Client Stack

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

iRules Style Guide

Using Client Subnet in DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS