14-Oct-2020 08:28
19-Oct-2020
07:52
- last edited on
04-Jun-2023
21:14
by
JimmyPackets
See K10354610: BIG-IP AFM operations guide | Chapter 3: Firewall rules and ACL::action for additional details.
when FLOW_INIT {
if { [class match [IP::client_addr] equals DG] } {
ACL::action drop
}
}
Is there any reason you want to do this specifically within AFM as opposed to just matching the data group and dropping without ever involving AFM?
when FLOW_INIT {
if { [class match [IP::client_addr] equals DG] } {
drop
}
}
19-Oct-2020 11:19
I wanted to have the ability to add the attacking IP to the denied list for a specified period of time instead of having the iRule have to continuously drop the traffic.