LB_SELECTED iRule to deny based on source and dest address

Question

Hello, would someone be able to assist with an iRule with LB_SELECTED to deny based on a specific source and destination address? There are multiple source and destination addresses so I was hoping to use switch -glob to accomplish. I'm running version 13.1 so there's no class math I could've used to accomplish this easier. Thanks in advance.

andy_mcgrath · Answer

Why can you not use class match in v13?&nbsp;

vfb · Answer

class match may be too much, as most of the deny statements are /32's&nbsp;

vfb · Answer

This is what I was trying to accomplish - &nbsp;
"when LB_SELECTED {
  switch "[IP::addr [IP::client_addr] equals "170.31.1.1"] and [IP::remote_addr] equals "170.31.1.63" -
         "[IP::addr [IP::client_addr] equals "170.31.1.10"] and [IP::remote_addr] equals "170.31.1.64"-
         "[IP::addr [IP::client_addr] equals "170.31.1.11"] and [IP::remote_addr] equals "170.31.1.65"   {snat automap}}}"&nbsp;

andy_mcgrath · Answer

class match will be better than a lot of if elseif or switch statements. Easier to manage &nbsp;
I would have a clientside data group and serverside data group if you can separate the lists? I.e. any source matched to any destination.&nbsp;

Forum Discussion

LB_SELECTED iRule to deny based on source and dest address

4 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Cisco TACACS+ Config on ISE LTM Pair

Related Content

The Power of Source Address

health monitor source IP address

source address persistence maximum session timeout

F5 Malicious Source IP Address Alert

ICMP Custom Source Address Monitor

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS