Forum Discussion

Nimbostratus

Jan 25, 2010

Packet filter and port range

I need to do packet filter rules with a dynamic port range like 1024 - 65535. However, the packet filter rule does not take the TCPDUMP format of: ( dst portrange 1024-65535 ) ...

config

design

hoolio

Cirrostratus

Jan 26, 2010

Hi Chuck,

I'm not sure why the packet filters don't support the portrange keyword. I saw the same error on 10.0.1. 'b packet filter help' on a 10.0.1 unit shows:

The BIG-IP system packet filters are based on the Berkeley Software Design Packet Filter (BPF) architecture.

Maybe BPF doesn't support portrange? If you don't find a solution for using packet filters and the traffic you want to restrict to a port range is passing through a VIP, you could use an iRule to restrict access using [TCP::local_port] > 1024 && [TCP::local_port] < 65535.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Packet filter and port range

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Big-Ip Edge Client specials characters problems

Which encyrtion algorithm is used when making Kerberos ticket encyrtion.

iControl for Gtm wideip

About F5 idle timeout and keep-alive

Problem with sending BotDefense logs to remote server

Related Content

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

UDP TCP Packet Duplication

Automating Packet Captures on BIG-IP

F5 Distributed Cloud Network Firewall Rule Evaluation and Packet Flow

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS