Forum Discussion
Dianna_129659
Nimbostratus
NimbostratusWill this iRule block a range of IP Addresses?
Will this iRule block the range of 150.70.173.40 through 150.70.173.99. Is there a better way to block a range of IP addresses?
when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 150.70.173.40/24] } { log local0. "Blocking [IP::client_addr]" reject } }
Instead reject is better to use drop. Instead 150.70.173.40/24 is better to use 150.70.173.0/25 for blocking range 150.70.173.40 through 150.70.173.99
Vitaliy_SavransNacreous
Instead reject is better to use drop. Instead 150.70.173.40/24 is better to use 150.70.173.0/25 for blocking range 150.70.173.40 through 150.70.173.99
Dianna_129659Vitaliy, thank you very much! I will make your suggested change.
Mohamed_LrhaziAltocumulus
150.70.173.0/25 will match 150.70.173.1 to 150.70.173.126 If you dont want to reject only .40 to .99, you would want to further extract the last octet and test it before calling drop/reject, maybe like this: set ip [IP::client_addr] set lastoctet [getfield $ip "." 4] if { ($lastoctet >= 40) && ($lastoctet <= 99) } { log local0. "IP: $ip Last octet: $lastoctet, YES." } else { log local0. "IP: $ip Last octet: $lastoctet, NO." }