Forum Discussion
Dianna_129659
Jan 29, 2014Nimbostratus
Will this iRule block a range of IP Addresses?
Will this iRule block the range of 150.70.173.40 through 150.70.173.99. Is there a better way to block a range of IP addresses?
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 15...
- Jan 29, 2014
Instead reject is better to use drop. Instead 150.70.173.40/24 is better to use 150.70.173.0/25 for blocking range 150.70.173.40 through 150.70.173.99
Vitaliy_Savrans
Jan 29, 2014Nacreous
Instead reject is better to use drop. Instead 150.70.173.40/24 is better to use 150.70.173.0/25 for blocking range 150.70.173.40 through 150.70.173.99
- Dianna_129659Jan 29, 2014NimbostratusVitaliy, thank you very much! I will make your suggested change.
- Mohamed_LrhaziJan 29, 2014Altocumulus150.70.173.0/25 will match 150.70.173.1 to 150.70.173.126 If you dont want to reject only .40 to .99, you would want to further extract the last octet and test it before calling drop/reject, maybe like this: set ip [IP::client_addr] set lastoctet [getfield $ip "." 4] if { ($lastoctet >= 40) && ($lastoctet <= 99) } { log local0. "IP: $ip Last octet: $lastoctet, YES." } else { log local0. "IP: $ip Last octet: $lastoctet, NO." }
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects