Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

KJ_50941's avatar
KJ_50941
Icon for Nimbostratus rankNimbostratus
Jan 11, 2018

Need to allow certain IP address to F5 VIP.

I need to restric F5 VIP to allow certain IP addresses.It appear I need to create datagroup ( allowed-nets) from F5 GUi with allow list of ip addresses. does below iRule works as is?   when CLIEN...
application delivery
big-ip
irules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jan 13, 2018

does below iRule works as is?

 

it looks okay to me.

 

swjo_264656's avatar
swjo_264656
Icon for Cirrostratus rankCirrostratus
Jan 13, 2018

I`m using two rules, for forwarding and VIP service.

 

rule forward_allow when CLIENT_ACCEPTED { if {[class match [IP::client_addr] equals forward_white_list]}{

 

log local0. "[IP::remote_addr]:[TCP::remote_port] Dst [IP::local_addr]:[TCP::local_port] -> Allowed"

} else { reject log local0. "[IP::remote_addr]:[TCP::remote_port] Dst [IP::local_addr]:[TCP::local_port] -> Denied" } }

 

rule vip_allow when CLIENT_ACCEPTED { if {[class match [IP::remote_addr] equals vip_white_list]}{

 

log local0. "[IP::remote_addr]:[TCP::remote_port] Dst [IP::local_addr]:[TCP::local_port] -> Allowed"

LB::server pool } else { reject log local0. "[IP::remote_addr]:[TCP::remote_port] Dst [IP::local_addr]:[TCP::local_port] -> Denied" } }

 

please refer to it.