For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Richard_Bible_7's avatar
Richard_Bible_7
Historic F5 Account
Mar 11, 2005

rule for blocking DNS/UDP 4.2.x

Hi there,

 

 

Can someone confirm that this would be the correct method to block DNS/UDP packets from a class of IP's. This is in addition to an existing rule.

 

 

else if (server_port == 53 and client_addr == one of DNS_BLOCK) {

 

discard

 

}

 

 

Any help would be great.
application delivery
dev
devops
iRules

1 Reply

  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Mar 11, 2005
    A similar 9.x rule fragment would look like: 

      
  elseif { [TCP::local_port] == 53 and [matchclass [IP::remote_addr] equals $::DNS_BLOCK]} {  
     discard  
  }