Forum Discussion

Nimbostratus

Apr 01, 2009

Reflexive irule ACL?

We have a linkcontroller and we would like to see if there is a reflexive type irule that can allow connections initiated/sourced from one host 10.3.3.3 to 10.4.4.4, but not connections initiated/sourced from 10.4.4.4 to 10.3.3.3? I checked the packet filter section but it doesn't seem to have the reflexive type features we are looking for. Thx!

Nimbostratus

I suppose you can create the iRule that looks like the following

 
 when CLIENT_ACCEPTED { 
   if { [matchclass [IP::client_addr] equals $::Hosts]} { 
     forward 
   } else  { 
     drop 
   } 
 }

Hope this helps

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Reflexive irule ACL?

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

iRules Style Guide

APM Security: Protecting Internal Resources Using ACLs

How to change ACL forbidden page?

BIG-IP Next: iRules pool routing

Json parsing with iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS