For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Torti's avatar
Torti
Icon for Cirrus rankCirrus
Feb 18, 2014

LTM v11.5.0 - IP::addr mask not allowed anymore

Hi,

I test a little bit with 11.5.0. If I try: 

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 10.10.10.0 mask 255.255.255.0] } {
             allowed

        } else {
            discard
            log local0. "connection discarded from [IP::client_addr]"
        }
    }

I get the following tcl error:

error: /Common/iRuler_Parse_Test_Rule:2: error: [wrong args][IP::addr [IP::remote_addr] equals 10.10.10.0 mask 255.255.255.0]

With [IP::addr [IP::remote_addr] equals 10.10.10.0/24] everthing is working fine.

Is the mask parameter not allowed anymore?

application delivery
BIG-IP Access Policy Manager (APM)
devops
iRules
LTM
security

2 Replies

  • JoshBecigneul's avatar
    JoshBecigneul
    Icon for MVP rankMVP
    Feb 18, 2014

    I had a quick read through https://devcentral.f5.com/wiki/irules.ip__addr.ashx and I can't see an example that is just like yours. The closest one looks like this, with the right side of the equals wrapped in quotes.

    [IP::addr 10.42.2.2 equals "10.42.2.0 mask 255.255.255.0"]: 1

    Try it that way and see if there is any difference... Unless the old examples have been deleted, your way may never have been officially supported.