Forum Discussion

Nimbostratus

Feb 03, 2006

Selectivly forward or drop source for IP Forwarding Virtual Server

Ok. I have a Forwarding(IP) network virtual server for a /24 network. I want to block all sources except for a select few. Here is what I have. class dg_source { host 10.10.1...

Feb 03, 2006

Have you added any logging statements to find out what's going on in your iRule. That's the first thing you should do because without some sort of message flow tracing, there isn't much we can do here.

On thing that I can see is that you shouldn't need to use the "forward" command. Try this rule out and see what's showing up in the logs.

when CLIENT_ACCEPTED {
  log local0. "checking for address [IP::client_addr] in dg_source list"
  if {[matchclass [IP::client_addr] equals $::dg_source]} {
    log local0. "address [IP::client_addr] is being allowed through"
    forward
  } else {
    log local0. "address [IP::client_addr] not valid, dropping connection"
    drop
  }
}

Then try it without the "forward" command and see if that works.

-Joe

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Selectivly forward or drop source for IP Forwarding Virtual Server

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Is it possible to create a Single Pool with multiple ports ?

F5 object groups in AFM

Round-robin method not load balanced

F5 ASM with fortisandbox

Disabling signature for a URL

Related Content

SSH forward proxy

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

Extracting X-Forwarded-For in Node.js

F5 DNS Forwarding

SSL Forward Proxy Explained using Wireshark

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS