Forum Discussion
NimbostratusUnexpected traffic on F5 unable to block
We are currently receiving over 1 million active connections through our F5 from an unknown source and are trying to create an iRule or similar to block. Usually, we have 19 connections.
F5 Version: BIG-IP 9.4.8 Build 355.0 Final
From console command: bigpipe conn show all
VIRTUAL any:any <-> NODE 203.116.13.197:http TYPE local CLIENTSIDE 100.101.24.93:26282 <-> 203.116.13.197:http (pkts,bits) in = (1, 62) out = (0, 0)
Would anyone be able to provide an example of how to block the traffic from 203.116.13.197? This address is persistent for all of the traffic.
Thank you.
2 Replies
Only1masterbla1Cirrus
You can use iRule (examples below) or apply packet filters (under Networks) to drop packets. My preference would be for packet filter.
irule Examples:
Access Control Based On Network or Host https://devcentral.f5.com/codeshare?sid=28
Access Control Based on IP https://devcentral.f5.com/codeshare?sid=27
- Only1masterbla1
You may use iRule like this:
when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { drop log local0. "connection dropped from [IP::client_addr]" } }
All address definitions are here for your reference: https://devcentral.f5.com/wiki/iRules.IP.ashx
