Log Source IPs for Traffic Sent to a BIG-IP Virtual Address Port it is not Listening on

The initial use case for this article is to log the source IP, destination IP, and destination port of traffic sent to BIG-IP virtual addresses on ports they are not listening on, to help determine where this unwanted traffic is coming from.

Warning

  • Before using this iRule, assess any potential impact to your BIG-IP based on its current performance, as iRules can negatively affect the BIG-IP's traffic management processing.

Related Log Message

Traffic to closed ports also shows up in /var/log/ltm when the BIG-IP starts rate-limiting its RST responses:

011e0001	Limiting closed port RST response from 501 to 500 packets/sec for traffic-group /Common/traffic-group-1

Create iRule

  1. Create an iRule by navigating to Local Traffic > iRules > iRule List > Create
  2. Name: log_source_ip_to_closed_ports
  3. Paste the code below into the "Definition" box.
  4. Click Finished, and sync to peer if needed/desired.
    when CLIENT_ACCEPTED {
        # Source IP of the connection attempt
        set client_ip [IP::client_addr]
        # Destination virtual address the client targeted
        set virtual_server_ip [IP::local_addr]
        # Destination port. TCP::local_port is only valid on TCP flows; because
        # the reject virtual server below listens on all protocols, fall back to
        # UDP::local_port for UDP (IP protocol 17) so the iRule does not error.
        if { [IP::protocol] == 17 } {
            set virtual_server_port [UDP::local_port]
        } else {
            set virtual_server_port [TCP::local_port]
        }
        # Log information to /var/log/ltm
        log local0. "Connection attempted to unsupported port: $client_ip to destination $virtual_server_ip:$virtual_server_port"
    }

Create Reject Virtual Server

  1. Create a new virtual server by navigating to Local Traffic > Virtual Servers > Virtual Servers List > Create
  2. Name: reject_vs
  3. Type: reject
  4. Source Address: 0.0.0.0/0
  5. Dest. Address: 0.0.0.0/0
  6. Service Port: 0 (* All Ports)
  7. Protocol: * All Protocols
  8. Optionally, specify the VLANs and tunnels the virtual server should listen on.
  9. Under Resources, assign the iRule created above (it appears under rules in the tmsh output below).

The resulting virtual server as displayed by tmsh (list ltm virtual reject_vs):

    ltm virtual reject_vs {
        destination 0.0.0.0:0
        mask any
        profiles {
            fastL4 { }
        }
        reject
        rules {
            log_source_ip_to_closed_ports
        }
        serverssl-use-sni disabled
        source 0.0.0.0/0
        translate-address enabled
        translate-port enabled
        vlans {
            External
        }
        vlans-enabled
        vs-index 26
    }
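Once the iRule is logging, the entries in /var/log/ltm still have to be tallied to find the noisiest sources. The following Python script is an added example, not part of the original article, that parses the message format the iRule above emits and counts hits per source IP and per destination ip:port. The sample log lines are constructed, and the syslog prefix is assumed to follow the usual "Rule /Common/<name> <EVENT>:" form.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Matches the message body written by the iRule's log command, after the
# assumed "Rule /Common/<name> <CLIENT_ACCEPTED>:" prefix BIG-IP prepends.
LOG_RE = re.compile(
    r"Rule /Common/(?P<rule>\S+) <CLIENT_ACCEPTED>: "
    r"Connection attempted to unsupported port: (?P<src>[0-9A-Fa-f.:]+) "
    r"to destination (?P<dst>[0-9A-Fa-f.:]+):(?P<port>\d+)\s*$"
)


def parse_line(line):
    """Return (src_ip, dst_ip, dst_port) for a matching line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    try:  # validate both addresses; handles IPv4 and IPv6 alike
        src = ip_address(m.group("src"))
        dst = ip_address(m.group("dst"))
    except ValueError:
        return None
    return str(src), str(dst), int(m.group("port"))


def summarize(lines, top=5):
    """Count hits per source IP and per destination ip:port; return top N of each."""
    by_src, by_dst = Counter(), Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:  # unrelated ltm messages (e.g. 011e0001) are skipped
            continue
        src, dst, port = parsed
        by_src[src] += 1
        by_dst[f"{dst}:{port}"] += 1
    return by_src.most_common(top), by_dst.most_common(top)


# Constructed sample of /var/log/ltm content (not real log data).
SAMPLE_LOG = """\
Mar 27 10:15:01 bigip1 info tmm[12345]: Rule /Common/log_source_ip_to_closed_ports <CLIENT_ACCEPTED>: Connection attempted to unsupported port: 192.0.2.10 to destination 198.51.100.5:8081
Mar 27 10:15:02 bigip1 info tmm[12345]: Rule /Common/log_source_ip_to_closed_ports <CLIENT_ACCEPTED>: Connection attempted to unsupported port: 192.0.2.10 to destination 198.51.100.5:8081
Mar 27 10:15:03 bigip1 info tmm1[12346]: Rule /Common/log_source_ip_to_closed_ports <CLIENT_ACCEPTED>: Connection attempted to unsupported port: 192.0.2.77 to destination 198.51.100.5:23
Mar 27 10:15:04 bigip1 warning tmm[12345]: 011e0001 Limiting closed port RST response from 501 to 500 packets/sec for traffic-group /Common/traffic-group-1
Mar 27 10:15:05 bigip1 info tmm[12345]: Rule /Common/log_source_ip_to_closed_ports <CLIENT_ACCEPTED>: Connection attempted to unsupported port: 2001:db8::1 to destination 198.51.100.5:8081
""".splitlines()

if __name__ == "__main__":
    for label, rows in zip(("sources", "destinations"), summarize(SAMPLE_LOG)):
        print(label, rows)
```

Point it at a real file with `summarize(open("/var/log/ltm"))` on a copy of the log pulled off the device.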


Published Mar 27, 2025
Version 1.0