For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ofir_73471's avatar
Ofir_73471
Icon for Nimbostratus rankNimbostratus
Sep 21, 2008

Port Forwarding - Need Help

Hi,     I am new to the iRules , i need to write an iRule that will apply to a VS and will accept only TCP connection from a specific range of destination TCP ports .     Can som...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Sep 22, 2008
If you're trying to allow access to specific ports on an any port VIP, you could check the TCP::local_port value (Click here) to make a decision: 

 
  This event is triggered when a TCP connection is established between the client and the VIP 
 when CLIENT_ACCEPTED { 
  
     Check if the port is between 1001 and 1999 
    if {not ([TCP::local_port] > 1000 and [TCP::local_port] < 2000)}{ 
  
        Log a debug message that we're resetting the TCP connection. 
       log local0. "[IP::client_addr]:[TCP::client_port]: Request to illegal port: [IP::local_addr]:[TCP::local_port]" 
  
        Send TCP reset 
       reject 
    } 
 }

Aaron