Forum Discussion
CirrusLimit source address without address list
Hi guys ! Happy New Year !
I am struggling with the configuration of 2 redundant VS in different data centers, I need to limit the source addresses that will be able to connect to these VS.
In one of the data centers it is a simple task, I have created an address list and associated it to the VS. The problem is the other site, running an old version (v12) I do not have this functionality, I suppose there could be an alternative, but the truth is that I am quite lost.
As always, any help is welcome
Thanks, best regards
3 Replies
- JoseLabra
MVP
Hii
You can try with a iRule associate to the VS
Example:
when HTTP_REQUEST {
set client_ip [IP::client_addr]if { [IP::addr $client_ip equals 10.10.10.0/24] } {
log local0. "Allowed traffic from $client_ip"
} else {
log local0. "Blocked traffic from $client_ip"
reject
}
}Best Regard
- Martin182
Oh sorry, its a TCP VS, forget to indicate that
- zamroni777
you can change JoseLabra irules to use "when CLIENT_ACCEPTED {...".
instead of irules, you can also use gui based local traffic policy better managebility
https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-getting-started-with-policies/introducing-local-traffic-policies.html#GUID-362BEFCA-726C-43FE-80E7-B29ABD4929AC
