Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

iRule

mgrdta
Nimbostratus
Nimbostratus

‎08-Apr-2023 08:51

Hi all,

Can i write an irule and apply it to all the virtual server in a ltm. For eg. i want to write an irule which would block traffic from a specific ip and it should be applied to all virtual server without manually adding the iRule to each VS

 

 

Labels:
0 Kudos
2 REPLIES 2

Daniel_Wolf
MVP
MVP

‎08-Apr-2023 12:04

Hi @mgrdta,

you could use Packet Filter for that purpose instead of writing an iRule and applying it to all virtual servers.
The risk with this process is, someone might forget to add the iRule to a new virtual server.
Packet Filters are a global setting for the whole BIG-IP. Take a look here:
MyF5 >> BIG-IP TMOS: Routing Administration >> Packet Filters 

KR
Daniel 

Paulius
MVP
MVP

‎08-Apr-2023 15:55 - edited ‎10-Apr-2023 21:46

@mgrdta If the F5 is not your perimeter device this should be blocked on your firewall or router depending on what you have to allow traffic in. As @Daniel_Wolf stated, you are better off blocking this as a packet filter but you can create an iRule to block traffic from whatever source you would like. If you went the iRule route you might want to make it part of your build document so that when adding a new virtual server that you have an iRule that will always be applied no matter what and if you will eventually add more IPs to be blocked you should utilize a data-group to reference in your iRule for blocking sources.

Copyright © 2023 Khoros, LLC