Forum Discussion

sysadmin_2015_2

Nimbostratus

Sep 08, 2017

Virtual Server - Block IP

Hello, We need to block a several subnets for a particular virtual server. Is the best way to use an iRule? And can you please send me an example of an iRule we can use? Thank you for the...

Cumulonimbus

Sep 17, 2017

Hi,

without data group, you can create a list of denied networks:

when RULE_INIT {
    set static::denied_clients {10.0.0.0/8 192.168.0.0/16}
}

when CLIENT_ACCEPTED {
    foreach subnet $static::denied_clients {
        if {[IP::addr [IP::remote_addr] equals $subnet]} {
            log local0.  "client IP: [IP::client_addr] - discarded"
            discard
        }
    }
}

Note : switch command does not support network with netmask comparaison.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)