For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

arpydays's avatar
arpydays
Icon for Nimbostratus rankNimbostratus
Aug 25, 2015

Probably a simple irule/datagroup would do it. This rule will drop any connections from hosts not in the 'allowed-hosts' datagroup,

cheers

when CLIENT_ACCEPTED {
  if { not ([class match [IP::client_addr] equals allowed-hosts]) } {
    log local0. "[IP::client_addr] is not permitted to serverpoolXXX"
    drop
  }
}

ltm data-group internal allowed-hosts {
    records {
        192.168.20.51/32 {
            data "ServerYYYY"
        }
    }
    type ip
}