L4L7_53191
Nimbostratus

Problem this snippet solves:

This iRule forwards traffic based on "trusted" source addresses. The original application was to add a layer of security to IP forwarding virtual servers. By default, it will drop traffic unless the source IP is a member of the trustedAddresses data group.

How to use this snippet:

This iRule depends upon a single datagroup (class) of type Address named trustedAddresses.

Code :

when RULE_INIT {
    # v1.0 - basic ACL.
    # October, 2007
    # Tested on BigIP version 9.4.
    #
    # Purpose:
    #   Bind this rule to a network virtual server to simply allow or disallow traffic based on source IP.
    #   This rule expects a datagroup named trustedAddresses that lists the addresses you wish to allow.
    #   By default, traffic will be dropped.
}
when CLIENT_ACCEPTED {
    # Forward only when the client address matches an entry in the trustedAddresses data group.
    if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
        # Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        # Default action: no match, so the connection is dropped.
        # Uncomment the line below to turn on logging.
        #log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}

Tested this on version:

9.4
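
Because the rule drops everything that is not in trustedAddresses, the contents of that data group are the whole access policy. The following is an added example, not part of the original snippet or of F5's code: an offline Python model of the rule's forward/discard decision that also flags entries broad enough to undo the default drop. The entry format (plain host and CIDR strings), the sample addresses, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample entries standing in for the trustedAddresses data group.
TRUSTED_ADDRESSES = ["10.1.20.15", "192.168.50.0/24", "172.16.0.0/12"]


def load_trusted(entries):
    """Parse host and network entries into ip_network objects."""
    # strict=False tolerates host bits set in a network entry (e.g. 10.1.1.5/24).
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def decide(client_addr, trusted):
    """Mirror the rule: 'forward' only on a match, 'discard' otherwise."""
    try:
        addr = ipaddress.ip_address(client_addr)
    except ValueError:
        return "discard"  # an unparseable source address fails closed
    for net in trusted:
        if addr.version == net.version and addr in net:
            return "forward"
    return "discard"  # default action, as in the iRule's else branch


def audit(trusted, min_prefix=8):
    """Return IPv4 entries with a prefix shorter than min_prefix.

    An entry such as 0.0.0.0/0 matches every client and turns the
    default-drop rule into allow-all.
    """
    return [str(n) for n in trusted if n.version == 4 and n.prefixlen < min_prefix]


if __name__ == "__main__":
    trusted = load_trusted(TRUSTED_ADDRESSES)
    for ip in ["10.1.20.15", "10.1.20.16", "192.168.50.77", "203.0.113.9"]:
        print(f"{ip:15} -> {decide(ip, trusted)}")
    print("overly broad entries:", audit(load_trusted(["0.0.0.0/0", "10.0.0.0/8"])))
```
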
Comments
JRahm
Community Manager
Contributed by L4L7
fanghe_315215
Altocumulus

Why I added ip in the data group or can not be accessed

 

Version history
Last update: 30-Jan-2015 06:39