Access Control Based on IP
Problem this snippet solves:
This iRule forwards traffic based on "trusted" source addresses. The original application was to add a layer of security to IP forwarding virtual servers. By default, it will drop traffic unless the source IP is a member of the trustedAddresses data group.
How to use this snippet:
This iRule depends upon a single datagroup (class) of type Address named trustedAddresses.
Code :
when RULE_INIT {
    # v1.0 - basic ACL.
    # October, 2007
    # Tested on BigIP version 9.4.
    #
    # Purpose:
    # Bind this rule to a network virtual server to simply allow or disallow traffic based on source IP.
    # This rule expects a datagroup named trustedAddresses that lists the addresses you wish to allow.
    # By default, traffic will be dropped.
}
when CLIENT_ACCEPTED {
    # Forward only when the client source address is in the trustedAddresses data group.
    if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
        #Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        # Default case: any source that is not listed is dropped.
        #Uncomment the line below to turn on logging.
        #log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}
Tested this on version:
9.4
Published Jan 30, 2015
Version 1.0
L4L7_53191
Nimbostratus
Joined August 31, 2007
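An offline check of a proposed trustedAddresses list before it is loaded, given here as an added example that is not part of the original code share and is not F5 code. It mirrors the forward/discard decision above and flags entries wide enough to defeat the default drop. The sample entries, the function names and the prefix thresholds are assumptions, and Address data group matching is modelled as plain CIDR containment.

```python
import ipaddress

# Constructed sample entries standing in for the trustedAddresses data group.
TRUSTED_ADDRESSES = ["192.0.2.10", "198.51.100.0/24", "2001:db8:10::/64"]


def load_trusted(entries):
    """Parse entries; a bare host becomes /32 or /128.

    strict=True raises ValueError for typos such as 198.51.100.5/24.
    """
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def decide(client_addr, trusted):
    """Mirror the iRule: 'forward' on a match, otherwise 'discard'."""
    try:
        addr = ipaddress.ip_address(client_addr)
    except ValueError:
        return "discard"  # an unparsable source never matches
    for net in trusted:
        if addr.version == net.version and addr in net:
            return "forward"
    return "discard"  # default drop


def audit(trusted, min_prefix_v4=16, min_prefix_v6=48):
    """Return entries broader than the (assumed) thresholds.

    One very wide network quietly turns the default-drop rule into allow-most.
    """
    findings = []
    for net in trusted:
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < limit:
            findings.append(str(net))
    return findings


if __name__ == "__main__":
    trusted = load_trusted(TRUSTED_ADDRESSES)
    for src in ["192.0.2.10", "192.0.2.11", "198.51.100.77", "2001:db8:11::1"]:
        print(f"{src:<16} -> {decide(src, trusted)}")
    print("too broad:", audit(load_trusted(["0.0.0.0/0", "10.0.0.0/8"])))
```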
2 Comments
- JRahm
Admin
Contributed by L4L7
- fanghe_315215
Altocumulus
Why I added ip in the data group or can not be accessed