Reset connection via iControl

Question

Hi!&nbsp;I have written an AI that does some analyzing and sometimes decides that an IP no longer should beallowed to access a specific resource.&nbsp;When this happens, the IP is added to a data-group-list and the resource has an iRule that checks ifthe IP is blocked via the CLIENT_ACCEPTED-event. &nbsp;Problem: The current connection is allowed to persist since the drop in only done when a new connectionis set up (due to using the CLIENT_ACCEPTED-event).&nbsp;I have been looking through the iControl API to see if I can drop a specific connection based on IP butI can't find anything about networking at all.. Any ideas how to solve this?&nbsp;Since the resource get a lot of request, it would not be very good to check the DGL on every incomming request.&nbsp;Product: BIG-IPVersion: 13.1.1Build: 0.0.4BIG-IP 4000S

dario_garrido · Answer

Hello Peo.&nbsp;You can drop connections when the first packet arrives the F5 (SYN). I share with you three methods in order of precedence:1) Packet Filtering -&gt; https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-13-0-0/8.html2) FLOW_INIT event -&gt; https://clouddocs.f5.com/api/irules/FLOW_INIT.html3) AFM Module -&gt; https://support.f5.com/csp/article/K38201755&nbsp;KR,Dario.

Forum Discussion

Reset connection via iControl

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

Related Content

SPECIAL DevCentral Connects - on Basic iControl Security

iControl REST Authentication Token Management

TCP Connection Reset between VIP and Client

TCP reset connection with MSSQL

Microsoft Powershell with iControl

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS