Forum Discussion

jlb4350's avatar
jlb4350
Icon for Cirrus rankCirrus
Jul 19, 2022
Solved

Help tweaking my iRule

Hello all. I have an oubound virtual server that allows all traffic and protocols to any address, it's a wildcard outbound. I'm wanting to use an iRule to block outbound connections to Russia using d...
  • David_Larsen's avatar
    David_Larsen
    Jul 19, 2022

    The iRule is slightly wrong in that it is trying to pull out a value of RU and then matching the IP address to the value which would never happen.  I would use the framework set in the support article and do something like this:

    when SERVER_CONNECTED {
        set ipaddr [IP::remote_addr]
        set fromCountry [whereis $ipaddr country]
        if { [class match $fromCountry equals GeoIPOutboundBlockRussia] } {
             log local0. "Attacker IP [IP::client_addr]"  ;#  This can be removed/commented out if not required
             drop
        }
    }