08-Apr-2023 08:51
Hi all,
Can i write an irule and apply it to all the virtual server in a ltm. For eg. i want to write an irule which would block traffic from a specific ip and it should be applied to all virtual server without manually adding the iRule to each VS
08-Apr-2023 12:04
Hi @mgrdta,
you could use Packet Filter for that purpose instead of writing an iRule and applying it to all virtual servers.
The risk with this process is, someone might forget to add the iRule to a new virtual server.
Packet Filters are a global setting for the whole BIG-IP. Take a look here:
MyF5 >> BIG-IP TMOS: Routing Administration >> Packet Filters
KR
Daniel
08-Apr-2023 15:55 - edited 10-Apr-2023 21:46
@mgrdta If the F5 is not your perimeter device this should be blocked on your firewall or router depending on what you have to allow traffic in. As @Daniel_Wolf stated, you are better off blocking this as a packet filter but you can create an iRule to block traffic from whatever source you would like. If you went the iRule route you might want to make it part of your build document so that when adding a new virtual server that you have an iRule that will always be applied no matter what and if you will eventually add more IPs to be blocked you should utilize a data-group to reference in your iRule for blocking sources.