For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MO_57487's avatar
MO_57487
Icon for Nimbostratus rankNimbostratus
May 06, 2008

Need help convert 4.x irule to 9.x

I have the following I rule that I neeed help in moving to 9.x.     if (client_addr == 10.168.1.0 netmask 255.255.255.0 or   client_addr == 10.170.64.0 netmask 255.255.192.0 or   client_...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 06, 2008
Hi,

You can define the address ranges in a datagroup (called a class in the bigip.conf) under Local Traffic >> iRules >> Datagroup tab >> Create >> Name: my_networks_class, Type: address.

Then create a rule which checks the client IP address against the class, using the matchclass (Click here) command. You can the codeshare links at the bottom of the matchclass wiki page for related examples.


when CLIENT_ACCEPTED {
   if { [matchclass [IP::remote_addr] equals $::my_networks_class] } {
      log local0. "[IP::client_addr]:[TCP::client_port] matched \$::my_networks_class: $::my_networks_class"
      pool Visionware_web28
   } else {
      log local0. "[IP::client_addr]:[TCP::client_port] didn't match \$::my_networks_class: $::my_networks_class"
      pool Visionware_web27
   }
}

The log output is written to /var/log/ltm. To save resources, comment out or remove the log statements from the iRule once you're done testing.

Aaron