26-Aug-2021 06:28
Good day all,
I had a few doubts about LTM.
1) Is a service with all ports allowed but an iRule with limited ports secure? Will the iRule come into the picture for the ports first?
2) Any easy way to rename a virtual service?
Thanks in advance.
26-Aug-2021 08:22 - last edited on 24-Mar-2022 01:23 by li-migration
Hello,
KR
Daniel
26-Aug-2021 08:16
Hello,
I'm not going to answer your 1st question - I really don't understand what you mean by it.
For the 2nd - renaming a VS is not a straightforward thing to do - you have probably noticed that many configuration objects cannot be renamed from the GUI after you create them. But you can edit the configuration file directly and load it.
Mike
26-Aug-2021 08:38
Please don't do this. You might end up having a corrupt bigip.conf.
26-Aug-2021 08:47
Heh... never claimed it was safe, that's why step 3 is there.
But indeed, the file could have been corrupt to begin with. Make it step 2.5 to execute "tmsh load sys config verify". That way you can be sure the initial files are ok.
Mike
26-Aug-2021 08:45
For real? I had never heard about that!
[edit: the mv command, I mean]
26-Aug-2021 08:24
Thanks Mike.
Rewriting the first question - how secure is any VS that has all ports allowed? And if it has an iRule that lists a few ports, will the iRule be checked first for ports?
26-Aug-2021 08:58
I see what you mean - as Daniel pointed out above, it is secure, but in the article everything is better explained. If you use an iRule (or policy), the TCP reset only happens after the 3-way handshake is completed. If you use a port list the handshake fails straight away, which is better in terms of resource efficiency.
If I recall correctly, shared objects (address and port lists) appeared in version 14.
Mike
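
The difference described in the last reply can be observed from the client side. The following is an added example, not code from this thread or from F5: it simulates both behaviours on loopback (a port where nothing listens, and a listener that completes the handshake and then resets) and classifies how far a connection attempt gets. The function names and the loopback stand-ins are assumptions made for illustration; no BIG-IP is involved.

```python
import socket
import struct
import threading

LOOPBACK = "127.0.0.1"

def closed_port():
    """Constructed stand-in for a port excluded by a port list: nothing listens."""
    s = socket.socket()
    s.bind((LOOPBACK, 0))
    port = s.getsockname()[1]
    s.close()
    return port

def resetting_listener():
    """Constructed stand-in for an all-ports VS whose iRule rejects the port:
    the handshake completes, then the connection is reset."""
    srv = socket.socket()
    srv.bind((LOOPBACK, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        # SO_LINGER with a zero timeout makes close() send a RST, not a FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def classify(host, port, timeout=2.0):
    """Report how far a TCP connection attempt gets."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except OSError:                      # refused or timed out: no handshake
        return "handshake-failed"
    with conn:
        try:
            data = conn.recv(1)
        except ConnectionResetError:     # handshake done, then RST
            return "reset-after-handshake"
        except socket.timeout:           # still open, peer is waiting for data
            return "open"
        return "open" if data else "closed-after-handshake"

if __name__ == "__main__":
    print(classify(LOOPBACK, closed_port()))
    print(classify(LOOPBACK, resetting_listener()))
```

In the reset-after-handshake case the listening side has already accepted the connection and allocated state for it before tearing it down, which is the resource cost the reply refers to.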