LB_SELECTED iRule to deny based on source and dest address

Question

Hello, would someone be able to assist with an iRule with LB_SELECTED to deny based on a specific source and destination address? There are multiple source and destination addresses so I was hoping to use switch -glob to accomplish. I'm running version 13.1 so there's no class math I could've used to accomplish this easier. Thanks in advance.

andy_mcgrath · Answer

Why can you not use class match in v13?&nbsp;

vfb · Answer

class match may be too much, as most of the deny statements are /32's&nbsp;

vfb · Answer

This is what I was trying to accomplish - &nbsp;
"when LB_SELECTED {
  switch "[IP::addr [IP::client_addr] equals "170.31.1.1"] and [IP::remote_addr] equals "170.31.1.63" -
         "[IP::addr [IP::client_addr] equals "170.31.1.10"] and [IP::remote_addr] equals "170.31.1.64"-
         "[IP::addr [IP::client_addr] equals "170.31.1.11"] and [IP::remote_addr] equals "170.31.1.65"   {snat automap}}}"&nbsp;

andy_mcgrath · Answer

class match will be better than a lot of if elseif or switch statements. Easier to manage &nbsp;
I would have a clientside data group and serverside data group if you can separate the lists? I.e. any source matched to any destination.&nbsp;

Forum Discussion

LB_SELECTED iRule to deny based on source and dest address

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

The Power of Source Address

health monitor source IP address

source address persistence maximum session timeout

F5 Malicious Source IP Address Alert

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS