Access Control Based on IP
Problem this snippet solves:
This iRule forwards traffic based on "trusted" source addresses. The original application was to add a layer of security to IP forwarding virtual servers. By default, it will drop traffic unless the source IP is a member of the trustedAddresses data group.How to use this snippet:
This iRule depends upon a single datagroup (class) of type Address named trustedAddresses.Code :
when RULE_INIT { # v1.0 - basic ACL. # October, 2007 # Tested on BigIP version 9.4. # # Purpose: # Bind this rule to a network virtual server to simply allow or disallow traffic based on source IP. # This rule expects a datagroup named trustedAddresses that lists the addresses you wish to allow. # By default, traffic will be dropped. } when CLIENT_ACCEPTED { if { [matchclass [IP::client_addr] equals $::trustedAddresses] }{ #Uncomment the line below to turn on logging. #log local0. "Valid client IP: [IP::client_addr] - forwarding traffic" forward } else { #Uncomment the line below to turn on logging. #log local0. "Invalid client IP: [IP::client_addr] - discarding" discard } }
Tested this on version:
9.4Published Jan 30, 2015
Version 1.0L4L7_53191
Nimbostratus
Joined August 31, 2007
L4L7_53191
Nimbostratus
Joined August 31, 2007
- fanghe_315215Altocumulus
Why I added ip in the data group or can not be accessed
- JRahmAdminContributed by L4L7