Forum Discussion

Nimbostratus

17 years ago

script for port 443 and 50000-59999

Hello forum, I have an iRule as below: when CLIENT_ACCEPTED { if { [TCP::client_port] < 50000 or [TCP::client_port] > 59999}{ drop } } ...

Cirrostratus

17 years ago

I think you want to check TCP::local_port not TCP::client_port. TCP::client_port is the source port.

You can check for the ports you want to allow using this:

([TCP::local_port] >= 50000 && [TCP::local_port] <= 59999) || [TCP::local_port] == 443)

And you can logically NOT that to drop everything else:

 
 when CLIENT_ACCEPTED { 
  
     Check requested port 
    if { ! (([TCP::local_port] >= 50000 && [TCP::local_port] <= 59999) || [TCP::local_port] == 443)}{ 
  
        Request was to an disallowed port, so drop it 
       drop 
    } 
 }

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

script for port 443 and 50000-59999

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5

Related Content

APM Optimisation Script

Cross Site Scripting (XSS) Exploit Paths

Passing Arguments to iCall Scripts

Re: BIG-IP security hardening and compliance checks script

Export Virtual Server Configuration in CSV - tmsh cli script

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS