Daniel_Beckham_
Feb 05, 2016
Using ip filter-list on Linerate causes connection reset for *ALL* requests
My setup: LineRate version 2.6.1 running in master/failover mode on VMWare
When using the `ip filter-list` feature of the LineRate software, instead of filtering on the source addresses in the list, the LineRate sends connection resets for ALL incoming HTTP traffic to the virtual-ip the filter is applied to, whether the source address was listed in the rule or not.
Example `ip filter-list` config:
ip filter-list bad_actors
  2 deny 104.199.152.55/32
Then this is applied to a virtual-ip:
virtual-ip vip_myvip
  ip address 1.1.1.1 80
  base vipbase_default
  attach ip-filter bad_actors
As soon as that is applied, the LineRate begins responding with a connection reset. My IP address is obviously not the IP in the deny line. Removing the filter from the virtual-ip with `no attach ip-filter bad_actors` will restore connectivity.
What's going on here? Does the use of a filter-list require at least one permit line to allow traffic? If so, the docs do not mention that at all, nor is it possible to say `permit any`.
What do I need to do in order to be able to deny incoming traffic from certain source addresses?