Forum Discussion

Nimbostratus

Oct 25, 2012

Packet filter does not work

HI All, I have implemented a packet filter to block access to a VS from all IP addresses except one. I tried the same through an iRule. But it did not seem to work. Here is the iRule: w...

config

design

nitass

Employee

Oct 25, 2012

this is mine.

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
}

[root@ve10:Active] config  b packet filter list
packet filter {
   allow trusted  {}
}
packet filter Allow_192.168.206.57 {
   order 5
   action accept
   vlan external
   log enable
   filter { ( src host 192.168.206.57 ) and ( dst host 172.28.19.79 ) }
}
packet filter Deny_All {
   order 10
   action reject
   vlan external
   log enable
   filter { ( dst host 172.28.19.79 ) }
}

[root@ve10:Active] config  tail /var/log/pktfilter
Oct 25 11:24:14 local/tmm notice tmm[7926]: 01250004:5: Deny_All (2): reject on external, len: 74 [IPv4 60 172.28.20.11 -> 172.28.19.79 TCP 59195 -> 80 S]
Oct 25 11:24:21 local/tmm notice tmm[7926]: 01250002:5: Allow_192.168.206.57 (88): accept on external, len: 66 [IPv4 52 192.168.206.57 -> 172.28.19.79 TCP 63782 -> 80 S]

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)