squeezebox_2829
Aug 10, 2016 (Nimbostratus)
Multiple Switch statements in a single iRule
Hi there, I have several ranges of addresses which I want to see if traffic is coming from and deny traffic. Say the ranges are as follows as an example: 10.11.0.0/16 10.12.0.0/16 10.13.13.0/...
- Aug 11, 2016
Yes, but what you really want to do is use a Data Group. Let's say you have a Data Group that looks like this:
```
create ltm data-group internal dg-address-matchers type ip \
    records add { 10.11.0.0/16 { data "action1" } \
                  10.12.0.0/16 { data "action2" } \
                  10.13.13.0/22 { data "action3" } ... }
```
You would then use it thusly:
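```
when CLIENT_ACCEPTED {
    # Look up the client address once. The result is the matching record's
    # data value, or an empty string when no netblock in the data group matches.
    # Add one switch arm per further action value (... etc ...).
    set indicator [class lookup [IP::client_addr] dg-address-matchers]
    switch $indicator {
        action1 {
            # ... do something ...
        }
        action2 {
            # ... do something else ...
        }
        "" {
            # this means the IP matches no netblocks in the data-group
        }
    }
}
```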
VernonWells
Aug 11, 2016 (Employee)
As you observe, loading an external data-group file really just loads its contents into an internal data store. It is a one-time activity. Changes to the original source file do not change the internal store. You can use tmsh to update the file, as well. You could create an iCall periodic script to check for changes to a source file that is local to the BIG-IP, then invoke the appropriate tmsh command if it has changed. Alternatively, you could use iControl to load the file from an off-box source. Testing whether the file changed would be the domain of some external script. Since 10.x is about to go end-of-life, you presumably will be upgrading to 11.x (at least 11.4) or 12.x soon. If so, then both mechanisms should be available.
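One way to do the on-box change check described in the reply above, written as a plain shell function rather than an iCall script (an added example, not code from the thread or from F5). The object name, file paths and state file are hypothetical, and the `tmsh modify sys file data-group ... source-path` invocation is an assumption to verify against the tmsh reference for your version.

```shell
#!/bin/sh
# Added example: re-import an external data-group file only when its
# on-box source file has changed since the last successful load.
# All names and paths below are hypothetical placeholders.
DG_FILE="${DG_FILE:-dg-address-matchers-file}"       # sys file data-group object
SRC="${SRC:-/var/tmp/address-matchers.txt}"          # source file local to the BIG-IP
STATE="${STATE:-/var/tmp/.address-matchers.sha256}"  # digest of the last loaded copy
TMSH="${TMSH:-tmsh}"                                 # overridable for a dry run

# Print the SHA-256 of a file; fail if the file cannot be read.
file_digest() {
    [ -r "$1" ] || return 1
    sha256sum "$1" | cut -d' ' -f1
}

# Returns 0 if a reload was performed, 1 if nothing changed, 2 on error.
reload_if_changed() {
    new=$(file_digest "$SRC") || { echo "cannot read $SRC" >&2; return 2; }
    [ -n "$new" ] || return 2
    old=""
    [ -r "$STATE" ] && old=$(cat "$STATE")
    [ "$new" = "$old" ] && return 1

    # Record the new digest only when tmsh succeeds, so a failed load is
    # retried on the next run instead of being silently skipped.
    if "$TMSH" modify sys file data-group "$DG_FILE" source-path "file:$SRC"; then
        printf '%s\n' "$new" > "$STATE"
        return 0
    fi
    echo "reload of $DG_FILE failed" >&2
    return 2
}

# Run from a periodic job as: script.sh --run
if [ "${1:-}" = "--run" ]; then
    reload_if_changed
    exit $?
fi
```

Because the digest is stored only after a successful load, a source file that tmsh rejects keeps being reported as an error on every run until it is fixed.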