SFTP port 22 to be allowed on specfic IP addresses

Question

Hi All,&nbsp;
We have SFTP allowed on f5 and we need to narrow down the access parameter to hit by specific IP address
How We can create rule for SFTP allow on specific IP addresses   &nbsp;

harshapotharaju · Answer

I guess this is what you are looking for. Test it and let me know how this is working.
when CLIENT_ACCEPTED {

if { [IP::client_addr] equals "x.x.x.x" } {
    pool your_pool_name
    log local0. "Request for service at port [TCP::local_port] from [IP::client_addr]"}
else {
    reject
    }
}

oguzy · Answer

Hi,
You can use Data Groups within an irule. 
For instance;
when CLIENT_ACCEPTED {
    Comparing source IP to a list of entries in a LTM data-group.
   if { not ( [class match [IP::remote_addr] equals data_SourceIps ] ) } {
      reject;
   }

}

Forum Discussion

SFTP port 22 to be allowed on specfic IP addresses

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Related Content

Allow only specific IP Address to only specific URL/route in ASM

CSV to Address External Datagroup File

Decoding the IPv4 address from the persistence cookie

Destination address at F5

The Power of Source Address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS