Selective SNAT
Problem this snippet solves:
iRule that SNATs based on client host address and destination port while simply forwarding everything else with the original source address.
Code:
class Hosts {
    host 10.1.1.1
    network 10.10.0.0/16
}
class Ports {
    22
    80
    110
}
when CLIENT_ACCEPTED {
    # Check if the client IP address is a member of the address data group named Hosts
    if { [matchclass [IP::client_addr] equals Hosts] } {
        # Check if the client's destination port is in the Ports integer data group
        if { [matchclass [TCP::local_port] equals Ports] } {
            # SNAT using this source address
            snat 192.168.100.12
            # Exit this event to avoid disabling SNAT below
            return
        }
    }
    # Default action is to not SNAT
    snat none
}
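The rule above uses the pre-v10 `matchclass` command and in-line `class` definitions. The following is an added example, not part of the original snippet, showing the same selective SNAT decision written with the `class match` command that replaced `matchclass` in v10 and later, against data groups defined as LTM objects. The data group names `snat_hosts` and `snat_ports` and the SNAT address are assumptions for the example.

```tcl
# Added example (not the original snippet's code): selective SNAT with "class match".
# Assumed data groups (defined as ltm data-group internal objects, not in-line):
#   snat_hosts  - type ip:      10.1.1.1/32, 10.10.0.0/16
#   snat_ports  - type integer: 22, 80, 110
when CLIENT_ACCEPTED {
    # SNAT only when BOTH the client address and the destination port match;
    # everything else is forwarded with the client's original source address
    if { [class match [IP::client_addr] equals snat_hosts] &&
         [class match [TCP::local_port] equals snat_ports] } {
        # Assumed SNAT address for the example
        snat 192.168.100.12
        # Leave the event so the "snat none" below is not reached
        return
    }
    # Default action: do not SNAT
    snat none
}
```

Combining both tests in a single `if` with `&&` is equivalent to the nested form above; Tcl short-circuits, so the port lookup only runs for clients that already matched the address group.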
# Here is an elegant example from j.thomson to SNAT only if the client and destination are on the same /24 subnet. (from this post: https://devcentral.f5.com/s/default.aspx?tabid=53&view=topic&forumid=5&postid=2379)
when LB_SELECTED {
    if {[IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"]} {
        snat automap
    }
}
# And another option for using SNAT only if the client IP is a node in the pool:
when CLIENT_ACCEPTED {
    # Check if the client IP address is a node in the VIP's default pool
    if {[matchclass [IP::client_addr] equals [active_nodes -list [LB::server pool]]]} {
        log local0. "SNAT'ing for [IP::client_addr], member of pool [LB::server pool]"
        snat automap
    }
}
# And another for when the client and any of the pool's member servers are on the same /24 subnet.
# active_nodes -list returns a list of "address port" pairs, so each member address is
# tested individually rather than comparing the whole list as if it were one address
when LB_SELECTED {
    foreach node [active_nodes -list [LB::server pool]] {
        if {[IP::addr "[IP::client_addr]/24" equals "[lindex $node 0]/24"]} {
            snat automap
            break
        }
    }
}

Published Mar 18, 2015
Version 1.0
CodeCentral_194