Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

MO_57487's avatar
MO_57487
Icon for Nimbostratus rankNimbostratus
17 years ago

Need help convert 4.x irule to 9.x

I have the following I rule that I neeed help in moving to 9.x.     if (client_addr == 10.168.1.0 netmask 255.255.255.0 or   client_addr == 10.170.64.0 netmask 255.255.192.0 or   client_...
application delivery
dev
devops
irules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
17 years ago
Hi,

You can define the address ranges in a datagroup (called a class in the bigip.conf) under Local Traffic >> iRules >> Datagroup tab >> Create >> Name: my_networks_class, Type: address.

Then create a rule which checks the client IP address against the class, using the matchclass (Click here) command. You can the codeshare links at the bottom of the matchclass wiki page for related examples.


when CLIENT_ACCEPTED {
   if { [matchclass [IP::remote_addr] equals $::my_networks_class] } {
      log local0. "[IP::client_addr]:[TCP::client_port] matched \$::my_networks_class: $::my_networks_class"
      pool Visionware_web28
   } else {
      log local0. "[IP::client_addr]:[TCP::client_port] didn't match \$::my_networks_class: $::my_networks_class"
      pool Visionware_web27
   }
}

The log output is written to /var/log/ltm. To save resources, comment out or remove the log statements from the iRule once you're done testing.

Aaron