Forum Discussion
GeoffSweet_3221
Nimbostratus
Jun 16, 2009
Need to permit a list of hosts
So I am sure that I can create an iRule that simply blocks a single host via
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
            pool my_pool
        } else {
            drop
        }
    }
right? But what if I have a list of say 10 or 12 hosts. I kinda need to improvise an ACL for a site by the seat of my pants here. I tried the forum search but no matter what I put in, it returns zero results.
Thanks everyone!
- hoolio
Cirrostratus
Hi,
    when CLIENT_ACCEPTED {
        # Check if client IP is not defined in the allowed_clients datagroup
        if { not ([matchclass [IP::client_addr] equals $::allowed_clients]) } {
            # Drop further packets from the client
            drop
        }
    }
- SentinelPrime_1
Nimbostratus
I am getting unknown option error using allowed_clients datagroup. Is this the same syntax for LTM 10.2.3?
Cheers SP
- nitass
Employee
I am getting unknown option error using allowed_clients datagroup. Is this the same syntax for LTM 10.2.3?
Can you try this?
    when CLIENT_ACCEPTED {
        if { not ([class match -- [IP::client_addr] equals allowed_clients]) } {
            drop
        }
    }
- nitass
Employee
class wiki https://clouddocs.f5.com/api/irules/class.html
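The allow list discussed in this thread, as an added example that is not code from any of the posters: it uses the v10+ `class match` form and adds an explicit pool selection plus a log line for rejected clients. The data group name `allowed_clients` and pool `my_pool` come from the thread; the tmsh command (v11+ syntax) and its sample records are constructed assumptions.

```tcl
# Added example, not from the thread.
# Assumes an address-type data group named allowed_clients exists, e.g.
# created in tmsh on v11+ with constructed sample records:
#   create ltm data-group internal allowed_clients type ip \
#       records add { 10.10.10.10/32 { } 10.10.20.0/24 { } }
when CLIENT_ACCEPTED {
    # On an address data group, "equals" compares by network, so the
    # /24 record above permits every host in that subnet.
    if { [class match -- [IP::client_addr] equals allowed_clients] } {
        # Permitted client: send it to the pool from the original question.
        pool my_pool
    } else {
        # Record the rejected source so the allow list can be audited
        # (written to /var/log/ltm), then discard the connection.
        log local0.info "ACL drop: client [IP::client_addr] not in allowed_clients"
        drop
    }
}
```

The data group is referenced by bare name here; the `$::allowed_clients` form belongs to the older `matchclass` syntax shown earlier in the thread.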