Our internet access is through SNAT using iRule. off all the subnets present in the datagroup, we have request to block a bunch of IPs from accessing Internet. Below is the current rule. if { $remote_snat eq "" && [class match $CLIENT equals qa_internal] } { log local0. "processed" set remote_snat "DC2_OUTBOUND_QA_EXTERNAL" } off all the subnets present in datagroup "qa_internal" , i need to block some 20 IPs from accessing internet. What is the best way to do this? Thanks Raja

Remove them from the "qa_internal" datagroup, assuming the other parts of the iRule don't break any other access.

Forum Discussion

Nimbostratus

Dec 30, 2016

Modifying iRule to block few IPs from accessing Internet

Our internet access is through SNAT using iRule. off all the subnets present in the datagroup, we have request to block a bunch of IPs from accessing Internet. Below is the current rule.

if { $remote_snat eq "" && [class match $CLIENT equals qa_internal] } { log local0. "processed" set remote_snat "DC2_OUTBOUND_QA_EXTERNAL" } off all the subnets present in datagroup "qa_internal" , i need to block some 20 IPs from accessing internet. What is the best way to do this?

Thanks Raja