For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

KJ_50941's avatar
KJ_50941
Icon for Nimbostratus rankNimbostratus
Jan 11, 2018

Need to allow certain IP address to F5 VIP.

I need to restric F5 VIP to allow certain IP addresses.It appear I need to create datagroup ( allowed-nets) from F5 GUi with allow list of ip addresses. does below iRule works as is?   when CLIEN...
application delivery
BIG-IP
iRules
WithF5's avatar
WithF5
Icon for Nimbostratus rankNimbostratus
Jan 11, 2018

Hi mate,

you need to ident your algorithm if you want it to work.

when CLIENT_ACCEPTED { 
if { not [([IP::client_addr] equals allowed-nets)] } 
    { 
        log local0. "[IP::client_addr] is not permitted to site xxxx" 
        reject
    }

}

Also, I don't think that networks defined in the data group will work... you need to use the full IP /32 (ex. 192.168.1.1, 192.168.1.2 ... ). You can do it in the CLI to make it faster.