Access Control Based on IP
Problem this snippet solves:
This iRule forwards traffic based on "trusted" source addresses. The original application was to add a layer of security to IP forwarding virtual servers. By default, it will drop traffic unless the source IP is a member of the trustedAddresses data group.

How to use this snippet:
This iRule depends upon a single data group (class) of type Address named trustedAddresses.

Code :

    when RULE_INIT {
      # v1.0 - basic ACL.
      # October, 2007
      # Tested on BigIP version 9.4.
      #
      # Purpose:
      # Bind this rule to a network virtual server to simply allow or disallow traffic based on source IP.
      # This rule expects a datagroup named trustedAddresses that lists the addresses you wish to allow.
      # By default, traffic will be dropped.
    }

    when CLIENT_ACCEPTED {
      # Forward only when the client source address is in the trustedAddresses data group.
      if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
        #Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
      } else {
        #Uncomment the line below to turn on logging.
        #log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
      }
    }

Tested this on version: 9.4
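An offline check of a candidate trustedAddresses list, as an added example that is not part of the original snippet: it mirrors the rule's forward/discard decision in Python and flags entries broad enough to undercut the default drop. The sample entries, function names and prefix thresholds are assumptions made for illustration, and the entries are plain host/CIDR strings rather than F5 configuration syntax.

```python
import ipaddress

# Constructed sample contents for the trustedAddresses data group (hosts and
# networks in CIDR form). This is not F5 configuration syntax.
TRUSTED_ADDRESSES = ["192.0.2.10", "198.51.100.0/24", "2001:db8:1::/48"]


def parse_entries(entries):
    """Turn host/CIDR strings into network objects; a bare host becomes /32 or /128."""
    return [ipaddress.ip_network(e.strip(), strict=True) for e in entries]


def decide(client_addr, networks):
    """Mirror the iRule: 'forward' on a match, otherwise 'discard' (default deny)."""
    try:
        addr = ipaddress.ip_address(client_addr)
    except ValueError:
        return "discard"  # unparseable source address: fail closed
    for net in networks:
        if addr.version == net.version and addr in net:
            return "forward"
    return "discard"


def audit(networks, min_v4_prefix=16, min_v6_prefix=32):
    """Return entries broader than the (assumed) thresholds, e.g. 0.0.0.0/0,
    which would turn the default-deny rule into allow-all."""
    broad = []
    for net in networks:
        limit = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < limit:
            broad.append(str(net))
    return broad


if __name__ == "__main__":
    nets = parse_entries(TRUSTED_ADDRESSES)
    for src in ["192.0.2.10", "198.51.100.77", "203.0.113.5", "2001:db8:1::9"]:
        print(src, "->", decide(src, nets))
    print("over-broad entries:", audit(parse_entries(["0.0.0.0/0", "10.0.0.0/8"])))
```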