For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

toshi_01_132399's avatar
toshi_01_132399
Icon for Nimbostratus rankNimbostratus
Aug 30, 2013

mysql ip access control

I would like to do the ip access control by using a irule. However, I failed in the following way. pool-allowhost-01 have kept some mysql. when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_a...
application delivery
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Aug 31, 2013

i think the original irule below is okay.

when CLIENT_ACCEPTED {
    if { [IP::addr [IP::remote_addr] equals 192.168.1.0/24] } {
         pool pool-allowhost-01
    } else {
         reject
    }
}

may you add log command to the irule something like what kevin suggested? also, i think it would be helpful if you can run tcpdump on bigip.

e.g.

 tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host 192.168.1.30 or host 192.168.1.50 or host 192.168.1.51 or host 192.168.1.52

and can you post the virtual server, pool and snatpool configuration here?

 tmsh list ltm virtual (virtual server name)
 tmsh list ltm pool (pool name)
 tmsh list ltm snatpool (snatpool name)

just my 2 cents.

  • toshi_01_132399's avatar
    toshi_01_132399
    Icon for Nimbostratus rankNimbostratus
    Sep 01, 2013
    Thank you. I will try to challenge on the basis by information of everyone