Forum Discussion
Dianna_129659
Nimbostratus
NimbostratusWill this iRule block a range of IP Addresses?
Will this iRule block the range of 150.70.173.40 through 150.70.173.99. Is there a better way to block a range of IP addresses?
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 15...
Instead reject is better to use drop. Instead 150.70.173.40/24 is better to use 150.70.173.0/25 for blocking range 150.70.173.40 through 150.70.173.99
Vitaliy_Savrans
Nacreous
NacreousInstead reject is better to use drop. Instead 150.70.173.40/24 is better to use 150.70.173.0/25 for blocking range 150.70.173.40 through 150.70.173.99
Mohamed_Lrhazi
Altocumulus
Altocumulus150.70.173.0/25 will match 150.70.173.1 to 150.70.173.126
If you dont want to reject only .40 to .99, you would want to further extract the last octet and test it before calling drop/reject, maybe like this:
set ip [IP::client_addr]
set lastoctet [getfield $ip "." 4]
if { ($lastoctet >= 40) && ($lastoctet <= 99) } {
log local0. "IP: $ip Last octet: $lastoctet, YES."
} else {
log local0. "IP: $ip Last octet: $lastoctet, NO."
}