Forum Discussion

Dianna_129659's avatar
Dianna_129659
Icon for Nimbostratus rankNimbostratus
Oct 14, 2013

Simple iRule is not working as expected

Hello. I am very, very new to iRules. This is the rule that we are trying to use to block an IP address. The Events Request Log indicates that we are not actually blocking this IP address, so perhaps the code is incorrect. I am thankful for any advice.

 

when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 70.39.176.44/24] } { log local0. "Blocking [IP::client_addr]" reject } }

 

5 Replies

  • Reformatted:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 70.39.176.44/24] } {
            log local0. "Blocking [IP::client_addr]"
            reject
        }
    }
    

    This should certainly block any request from client IP 70.39.176.44. By "Events Request Log", are you referring to the LTM log that this iRule would be logging to? As in you're not seeing this log statement?

  • Hi Kevin. Thank you for responding. No, I am not viewing log files. I am watching the actual request as they come through the F5 tool under Events >> Request >> Log.

     

    • Dianna_129659's avatar
      Dianna_129659
      Icon for Nimbostratus rankNimbostratus
      Oh, my. I just found the answer to my own question! That IP Address is actually in the IP Address Exceptions - never block this IP address. So sorry! Many thanks for assuring me that my iRule was working. I will keep learning.
  • Richard__Harlan's avatar
    Richard__Harlan
    Historic F5 Account

    If you are trying to blocking everything from a /24 network I would think the format of the IP should be 70.39.176.0/24.