smiley_dba_1116
Dec 06, 2012

Block external IP address from hitting VS

Can someone help me with an iRule that blocks an external IP address from hitting my VSs?

    External IP                              VS
    177.177.177.177 -----------------------> 180.180.180.180:21

I know I would normally just add a firewall ACL, but this VS sits directly out on the 'net and I would like to use an iRule to issue the block.

Thank you!! Sincerely,

RGW

 

3 Replies

  • when CLIENT_ACCEPTED {
      # Reject the connection when the client address matches
      if { [IP::client_addr] eq "yourIPaddress" } { reject }
    }

    Replace yourIPaddress with the address of the client you are trying to stop.

    Regards

    Kevin


  • Note that a Packet Filter might provide better DDoS protection. Also, using 'drop' rather than 'reject' in the iRule will prevent any response to the client at all and save a few CPU cycles, RAM bits and connections.
  • Should be:

    
    when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        drop
      }
    }
     

    drop also wastes the attacker's time, which is cool 🙂
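
The replies above block a single hard-coded address. The following is an added example, not part of the original thread, that generalizes the same CLIENT_ACCEPTED check to a list of hosts and networks kept in an address data group. The data group name `blocked_clients` is hypothetical and must be created on the BIG-IP before the iRule is attached.

```tcl
# Added example: drop connections from any client listed in an address data group.
# "blocked_clients" is a hypothetical data group of type Address. Populate it
# with hosts (e.g. 177.177.177.177) and/or networks (e.g. 10.10.10.0/24).
when CLIENT_ACCEPTED {
    # class match against an address data group compares addresses, not
    # strings, so a network entry covers every host inside it.
    if { [class match [IP::client_addr] equals blocked_clients] } {
        # Log the blocked attempt. Under heavy attack traffic this line can be
        # noisy, so remove it if log volume becomes a problem.
        log local0. "Blocked [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
        # Discard silently: no reset is sent back to the client.
        drop
        return
    }
}
```

Keeping the addresses in a data group means the blocklist can be updated without editing the iRule itself.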