For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Shay_Ben-David1's avatar
Shay_Ben-David1
Icon for Nimbostratus rankNimbostratus
Oct 16, 2006

need help to convert from v9 to 4.5

i recently got an old Bigip for test env, i used irule only with my 6400 on ver 9.x, now i need to migrate few irules from 9.x to 4.5, mybee someone here can know how it can be done ?

 

the idea of this irule is to log multiple connections based on source ip and it can do reject to the violators.

 

 

here is my irule:

 

 

when RULE_INIT {

 

array set ::active_clients { }

 

array set white_client {

 

x.x.x.x

 

y.y.y.y

 

}

 

}

 

 

when CLIENT_ACCEPTED {

 

set client_ip [IP::remote_addr]

 

if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {

 

if {$::active_clients($client_ip) > 30 } {

 

discard

 

log "Reject @sitename $client_ip ($::active_clients($client_ip))"

 

return

 

} else {

 

incr ::active_clients($client_ip)

 

}

 

} else {

 

set ::active_clients($client_ip) 1

 

}

 

}

 

when CLIENT_CLOSED {

 

set client_ip [IP::remote_addr]

 

if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {

 

incr ::active_clients($client_ip) -1

 

if { $::active_clients($client_ip) <= 0 } {

 

unset ::active_clients($client_ip)

 

}

 

}

 

}

 

 

 

thanks
application delivery
dev
devops
iRules

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 16, 2006
    A few thoughts:

     

     

    You might be able to upgrade the unit to 9.x if meets the hardware requirements for 9.x and is under an active support contract:

     

     

    9.2.3 release notes: Click here

     

     

    Else, you might be able to piece something together but I'd suggest posting in the 4.x rules forum (Click here).

     

     

    I think you'll have some problems attempting to build this rule using 4.x functionality though, as I'm pretty sure you can't modify global classes from a rule in 4.x.

     

     

    Aaron
  • Andrew_Saar_110's avatar
    Andrew_Saar_110
    Icon for Nimbostratus rankNimbostratus
    Nov 22, 2006
    Is there a way to tell which hardware we have remotely? The site says to look at the sticker on the back of the serer, but the server is remote and will be difficult for us to get to.
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 23, 2006
    On 9.x, you can use 'b platform':

     

     

     

    b platform | egrep 'bip|Type'

     

     

    | Type D63

     

    | Chassis: serial bip055073s

     

     

     

    On 4.x, you can look in the license file:

     

     

     

    egrep 'Serial|Platform ID' /config/bigip.license

     

    Serial : 70001

     

    Platform ID : D50

     

     

     

    I don't know of any published mapping of the platform ID's (D35, D50, D63, etc) to the platform numbers (520, 5000, 6400, etc), but you can search for the platform ID on AskF5.com and check which platform platform number is highlighted in the search results summary.

     

     

    Example:

     

     

     

    You asked: d63

     

     

     

     

    We have found the following results for your query.

     

    AskSOL5791: SSL ciphers that are fully accelerated in hardware on BIG-IP 1500, 3400, 6400, 6800, 8400 platforms

     

     

     

    Aaron