Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

irule ports

Go to solution
suthomas1
Cirrostratus
Cirrostratus

‎26-Aug-2021 06:28

Good day all,

 

I had few doubts for ltm.

1) is a service with all ports allowed but an irule with limited ports secure? will the irule come into picture for the ports first?

2) any easy way to rename a virtual service?

 

 

thanks in advance.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Daniel_Wolf
Nacreous
Nacreous

‎26-Aug-2021 08:22 - last edited on ‎24-Mar-2022 01:23 by Fog

Hello  ,

 

  1. Yes, it is secure. But there are other options too. Please read this devcentral article by  : Three Ways to Specify Multiple Ports on a Virtual Server
  2. There is the mv command, it renames or moves a TMOS configuration object. I never tested it... Please see https://clouddocs.f5.com/cli/tmsh-reference/v15/commands/mv.html

 

KR

Daniel

View solution in original post

7 REPLIES 7

Go to solution
Mike757
MVP
MVP

‎26-Aug-2021 08:16

Hello,

 

I'm not going to answer your 1st question - I really don't understand what you mean by it.

 

For the 2nd - renaming a VS is not a straightforward thing to do - you have probably noticed that many configuration objects cannot be renamed from the GUI after you create them. But you can edit the configuration file directly and load it.

 

  1. login via ssh; if not already there go to the standard linux shell (not tmsh)
  2. if necessary, cd to /config/
  3. make a backup copy of bigip.conf
  4. edit bigip.conf with vi
  5. search for your VS - it will be a line with "ltm virtual <vs name>"
  6. rename it, be careful to not use repeated names and don't change line spacing, { } characters, etc
  7. save the file, exit vi
  8. execute "tmsh sys load config"

 

Mike

Go to solution
Daniel_Wolf
Nacreous
Nacreous
In response to Mike757

‎26-Aug-2021 08:38

Please don't do this. You might end up having a corrupt bigip.conf.

Go to solution
Mike757
MVP
MVP
In response to Daniel_Wolf

‎26-Aug-2021 08:47

Heh... never claimed it was safe, that's why step 3 is there.

 

But indeed, the file could have been corrupt to begin with. Make it step 2.5 to execute "tmsh load sys config verify". That way you can be sure the initial files are ok.

 

Mike

Go to solution
Daniel_Wolf
Nacreous
Nacreous

‎26-Aug-2021 08:22 - last edited on ‎24-Mar-2022 01:23 by Fog

Hello  ,

 

  1. Yes, it is secure. But there are other options too. Please read this devcentral article by  : Three Ways to Specify Multiple Ports on a Virtual Server
  2. There is the mv command, it renames or moves a TMOS configuration object. I never tested it... Please see https://clouddocs.f5.com/cli/tmsh-reference/v15/commands/mv.html

 

KR

Daniel

Go to solution
Mike757
MVP
MVP
In response to Daniel_Wolf

‎26-Aug-2021 08:45

For real? I had never heard about that!

[edit: the mv command, I mean]

0 Kudos

Go to solution
suthomas1
Cirrostratus
Cirrostratus

‎26-Aug-2021 08:24

Thanks Mike.

Re-writing the first question - how secure is any VS that has all ports allowed? & if it has an irule that lists few ports, will the irule be checked first for ports?

 

 

 

 

0 Kudos

Go to solution
Mike757
MVP
MVP
In response to suthomas1

‎26-Aug-2021 08:58

I see what you mean - as Daniel pointed out above, it is secure, but in the article everything is better explained. If you use an iRule (or policy), the TCP reset only happens after the 3-way handshake is completed. If you use a port list the handshake fails straigh away, which is better in terms of resource efficiency.

 

If I recall correctly, shared objects (address and port lists) appeared in version 14.

 

Mike

Copyright © 2023 Khoros, LLC