Forum Discussion

Nimbostratus

Dec 15, 2013

Question about iRULE (whitelist port and IP)

Hello Guys, I am trying to write an iRULE for following scenario. We are trying to restrict traffic between shared services and client vLANS. So from client vLAN they can only reach specific por...

Kevin_Stewart

Employee

Dec 16, 2013

At the very least you're going to want to use the TCP::local_port command to see port 53 and port 389 traffic. But if I may add, your conditional logic reads like this:

if the destination address (IP::local_addr) is in a specific subnet (yyy.yyy.yyy.yyy/26)
and the client address (IP::client_addr) exactly matches a specific address (yyy.yyy.yyy.yyy)
and the requested port is in the TCP data group
and the requested port is in the UDP data group

Not sure if this is your intention, but the biggest issues for the above might be:

Exactly matching a specific client IP address
Requiring the requested port to be in both data groups

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Question about iRULE (whitelist port and IP)

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

UCS Encryption Question

Global Blacklist or Whitelist

Whitelist certain inbound IPs

Site Launch Frequently Asked Questions

DDoS IPI List - Whitelist DNS Servers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS