For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ryan_Rowe_79249's avatar
Ryan_Rowe_79249
Icon for Nimbostratus rankNimbostratus
Sep 21, 2009

Need IP restrict 9.x irule on 4.x

This is my basic 9.x rule 

when CLIENT_ACCEPTED { 
 if {[matchclass [IP::client_addr] equals $::] || [matchclass [IP::client_addr] equals $::]}{ 
 } else { 
 discard 
 } 
 }

and the datasource class contains IP's and Networks

If I could get a example of using classes in the 4.x then I think I could move forward.

This is what I have so far. 

 
 if (client_addr == one of ) { 
 pool  
 } 
 else { 
 discard 
 } 
 }

But I don't think it works.
application delivery
dev
devops
iRules
v4

4 Replies

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Sep 22, 2009
    It looks like you have the same type of conditional evaluation of the IP::client_addr

    Try slimming it down to the following: 

     
 when CLIENT_ACCEPTED {  
    if { [matchclass [IP::client_addr] equals $::] }{  
    } else {  
    discard  
    }  
  }

    I hope this helps

    CB

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Sep 22, 2009
    Unfortunately I never used rules on v4.x when dealing with rules, only v9.x and up.
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Sep 29, 2009
    You should be able to use this format where aol_class is a class of AOL IP addresses/networks.

     

     

    https://support.f5.com/kb/en-us/products/big-ip_4_x/manuals/product/bigip4_6_2ref/BIGip_rules.html1183277

     

     

    if (client_addr equals one of aol_class) {

     

    use pool aol_pool

     

    }

     

    else {

     

    use pool other_pool

     

    }

     

     

    Aaron