Forum Discussion

Nimbostratus

Feb 03, 2009

script for port 443 and 50000-59999

Hello forum, I have an iRule as below: when CLIENT_ACCEPTED { if { [TCP::client_port] < 50000 or [TCP::client_port] > 59999}{ drop } } ...

Cirrostratus

Feb 03, 2009

I think you want to check TCP::local_port not TCP::client_port. TCP::client_port is the source port.

You can check for the ports you want to allow using this:

([TCP::local_port] >= 50000 && [TCP::local_port] <= 59999) || [TCP::local_port] == 443)

And you can logically NOT that to drop everything else:

 
 when CLIENT_ACCEPTED { 
  
     Check requested port 
    if { ! (([TCP::local_port] >= 50000 && [TCP::local_port] <= 59999) || [TCP::local_port] == 443)}{ 
  
        Request was to an disallowed port, so drop it 
       drop 
    } 
 }

Aaron

Forum Discussion

script for port 443 and 50000-59999

Recent Discussions

Pool Members communication with B-party via F5 VIP

Find GSLB pool membership from vip IP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Related Content

Passing Arguments to iCall Scripts

About script

Collect all partitions all type wideip and its pools members status with tmsh script

Python script to test if a F5 BIG-IP is vulnerable to cve-2023-46747

Response port masking