Forum Discussion

steven_normole's avatar
steven_normole
Icon for Cirrus rankCirrus
Feb 09, 2024

Setting static variables

I inherited a F5 that has an irule that is placed on a lot of virtual servers that contains a list of IP addresses that are trusted ip addresses.  recently the irule broken traffic from one particular subnet.  I am trying to figure out why.

The irule has list AAA.18. as a trusted source.  traffic coming from AAA.18.92 was being caught by the irule as untrusted.  I thought the AAA.18. would cover that AAA.18.92, but evidently not.  I had to add the AAA.18.92. in the list so it would be trusted.

I am not understanding that set static:: and how it looks at IP addresses.

 

when RULE_INIT {
        # Internal datasets for now; class behavior changes in v10; I'd rather just internalize until we can unfutz.
        set static::core_listener_blocked_content [ list "version.jsp" "debug.jsp" "appmonitor.status" "/static/authagent/settings" ]
        # set ::<variable>   [ list "214.3.118." "10." "172." ]
        set static::TRUSTED_IP_ADDRS  [ list "172.16." "172.17." "172.18." "XXX.19." "XX.3.116." "XX.3.117." "XXX.3.118." "XXX.3.119." "10." "XXX.54.17." "XXX.54.18." "XX.54.19." "XXX.1." "AAA.18." ]

 

any help or document links would be greatly appreciated so i can get a better understanding on how this static variable setting works.

cloud
  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Feb 09, 2024

    steven_normole In order to assist with this we would need to see the entire iRule and how this variable is being used to match. Without the previously mentioned information static variables are just that, you put information into a variable and you can edit it as needed throughout the iRule. In this particular instance it might be a bit more efficient to use a data-group rather than a static variable with a list of variables in it.

  • gersbah's avatar
    gersbah
    Icon for Cirrostratus rankCirrostratus
    Feb 09, 2024

    static is just a variable that is set once and shared across the whole TMM instead of being scoped to individual connections like other variables.

    The static type doesn't really affect the usage of the variable, besides the fact that trying to change a static variable at runtime can have unintended consequences.

    There's further reading on variables here and here, but in your case I suspect the real problem is rather with the logic further down in your iRule.