
irule ports

suthomas1
Cirrostratus

Good day all,

I had a few doubts about LTM.

1) Is a service with all ports allowed but an iRule with limited ports secure? Will the iRule come into the picture for the ports first?

2) Any easy way to rename a virtual service?

Thanks in advance.

1 ACCEPTED SOLUTION

Daniel_Wolf
Nacreous

Hello,

  1. Yes, it is secure. But there are other options too. Please read this DevCentral article by  : Three Ways to Specify Multiple Ports on a Virtual Server
  2. There is the mv command, it renames or moves a TMOS configuration object. I never tested it... Please see https://clouddocs.f5.com/cli/tmsh-reference/v15/commands/mv.html

 

KR

Daniel

7 REPLIES 7

Mike757
MVP

Hello,

 

I'm not going to answer your 1st question - I really don't understand what you mean by it.

 

For the 2nd - renaming a VS is not a straightforward thing to do - you have probably noticed that many configuration objects cannot be renamed from the GUI after you create them. But you can edit the configuration file directly and load it.

 

  1. log in via SSH; if not already there, go to the standard Linux shell (not tmsh)
  2. if necessary, cd to /config/
  3. make a backup copy of bigip.conf
  4. edit bigip.conf with vi
  5. search for your VS - it will be a line with "ltm virtual <vs name>"
  6. rename it, being careful not to use repeated names, and don't change line spacing, { } characters, etc.
  7. save the file, exit vi
  8. execute "tmsh sys load config"

 

Mike

Please don't do this. You might end up having a corrupt bigip.conf.

Heh... never claimed it was safe, that's why step 3 is there.

 

But indeed, the file could have been corrupt to begin with. Make it step 2.5 to execute "tmsh load sys config verify". That way you can be sure the initial files are ok.

 

Mike

For real? I had never heard about that!

[edit: the mv command, I mean]

suthomas1
Cirrostratus

Thanks Mike.

Re-writing the first question - how secure is any VS that has all ports allowed? And if it has an iRule that lists a few ports, will the iRule be checked first for ports?

I see what you mean - as Daniel pointed out above, it is secure, but in the article everything is better explained. If you use an iRule (or policy), the TCP reset only happens after the 3-way handshake is completed. If you use a port list the handshake fails straight away, which is better in terms of resource efficiency.

 

If I recall correctly, shared objects (address and port lists) appeared in version 14.

 

Mike
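
An added example, not code from any post in this thread: an iRule of the kind the question describes, attached to a virtual server that listens on all ports, showing why the reset comes only after the handshake. The allowed ports (80, 443, 8443) and the log message format are constructed for illustration.

```tcl
# Added illustration, not code from the thread.
# Assumption: the virtual server listens on all ports and has this iRule attached.
# Assumption: 80, 443 and 8443 are sample allowed ports; use your own list.
when CLIENT_ACCEPTED {
    # CLIENT_ACCEPTED fires only after the client's TCP three-way handshake
    # with the BIG-IP has completed, so a connection to ANY port is already
    # established (and holding connection-table resources) when this runs.
    switch -- [TCP::local_port] {
        80 -
        443 -
        8443 {
            # Allowed port: take no action, normal load balancing continues.
        }
        default {
            # Any other port: record the attempt, then reset the connection.
            # Per-connection logging can be noisy on an exposed all-ports
            # virtual server; keep it only if the volume is acceptable.
            log local0.info "Port filter reset: [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
            reject
        }
    }
}
```

From the outside, every port on such a virtual server completes a handshake and is then reset, whereas with a port list the unlisted ports never complete the handshake, which is the difference Mike describes above.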