nitass
Oct 25, 2012Employee
e.g.
[root@ve10:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.19.79:80
ip protocol 6
rules myrule
}
[root@ve10:Active] config b rule myrule list
rule myrule {
# Source-address allowlist: clients whose address is not in the ip_class data group
# are logged and rejected; connections that reach a pool member are logged as allowed.
# The decision is made when the client-side connection is accepted.
when CLIENT_ACCEPTED {
# class match tests the client address against ip_class; the "--" ends option parsing.
# The leading ! inverts the result, so this branch runs only for addresses NOT in the group.
if { ! [class match -- [IP::client_addr] equals ip_class] } {
# Record the denied source and the local address:port it connected to before dropping it.
# NOTE(review): this writes one line per rejected connection; under scanning or a
# connection flood the log volume can become large - confirm logging capacity or rate-limit.
log local0. "Reject [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
reject
}
}
# Runs once the server-side connection is established, so an Allow line is written only
# for connections that actually reached a pool member. An allowlisted client whose
# server-side connection never completes produces no log line from this rule.
when SERVER_CONNECTED {
# The clientside wrapper evaluates the local address/port in the client-side context
# (the address the client connected to); the unwrapped IP::remote_addr and TCP::remote_port
# are read in the server-side context (the selected pool member in the sample log).
# NOTE(review): the virtual shown on this page uses snat automap, and this line does not
# record the server-side source address/port. Matching an entry here to a backend server
# log therefore presumably relies on timestamps - consider also logging the server-side
# IP::local_addr and TCP::local_port if that correlation is needed.
log local0. "Allow [IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] -> [IP::remote_addr]:[TCP::remote_port]"
}
}
[root@ve10:Active] config b class ip_class list
class ip_class {
{
host 172.28.19.251
host 192.168.206.57
}
}
[root@ve10:Active] config tail -f /var/log/ltm
Oct 25 22:57:44 local/tmm info tmm[7926]: Rule myrule : Reject 172.28.20.11:59229 -> 172.28.19.79:80
Oct 25 22:57:53 local/tmm info tmm[7926]: Rule myrule : Allow 192.168.206.57:65000 -> 172.28.19.79:80 -> 200.200.200.101:80
Oct 25 22:58:12 local/tmm info tmm[7926]: Rule myrule : Allow 172.28.19.251:37085 -> 172.28.19.79:80 -> 200.200.200.101:80