Forum Discussion

marv_Williams_5's avatar
marv_Williams_5
Icon for Nimbostratus rankNimbostratus
Apr 15, 2015

Urgent: Need an I-Rule to Block Continents but allow certain IP addresses

I tried this I-Rule but when tested it does not parse the I-Rule properly   when CLIENT_ACCEPTED { Block Continent IP Range and allow certain traffic if { ( [whereis [IP::client_addr] continent] e...
application delivery
LTM
Richard__Harlan's avatar
Richard__Harlan
Historic F5 Account
Apr 15, 2015

Ok I double check the iRule and again it loaded just fine. I then tested the logic and it worked. In my case the network being tested is a private network so change the Continent to be not set and put in IP in the datagroup and test and tested with it removed from the Datagroup. It worked both way when it is in the datagroup no reject when it is in the data group the Reject log fires.

when CLIENT_ACCEPTED { 

log local0. "Location = [whereis [IP::client_addr] continent]"
if { ( [whereis [IP::client_addr] continent] eq "") && not ( [class match [IP::client_addr] equals whitelist] ) } { 
    log local0. "Reject"
    reject 
    }
}

Data group

`ltm data-group internal /Common/whitelist {
records {
    192.168.1.3/32 { }
    192.168.1.5/32 { }
}
type ip
}

What error are you getting in the logs?