Forum Discussion
Michael_Jenkins
Jan 20, 2015
Cirrostratus
Try adding some logging to see what happens and look in the LTM logs to verify things are coming in as expected. And you're trying to drop all connections with IPs in the data group and ports 80-443 (inclusive)?
when CLIENT_ACCEPTED {
    # Log the client IP, then check whether it is absent from the Admin_Data_Group data group
    log local0. "IP address: [IP::client_addr]"
    if { not ([class match [IP::client_addr] equals Admin_Data_Group]) } {
        # Client not in allowed IP list, one more check to see whether the port is in the range of 80 to 443 inclusive
        log local0. " Port: [TCP::remote_port]"
        if { [TCP::remote_port] >= 80 and [TCP::remote_port] <= 443 } {
            # Drop further packets from the client
            drop
        }
    }
}
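Added example, not part of the original post: a plain Tcl model of the rule's decision that can be run in tclsh to compare a port range test whose bounds are joined with AND against one joined with OR, which matches every port. The data group contents, the sample connections and the proc names are constructed for illustration, and the data group is modelled as exact addresses only.

```tcl
# Constructed stand-in for the Admin_Data_Group data group (documentation addresses).
set admin_data_group {192.0.2.10 192.0.2.11}

# Range test with both bounds required: true only for ports 80..443.
proc in_range_and {port} { expr {$port >= 80 && $port <= 443} }

# Range test with the bounds joined by OR: every port is >= 80 or <= 443.
proc in_range_or {port} { expr {$port >= 80 || $port <= 443} }

# Decide what the rule does for one connection.
# test is the name of the range proc to apply (hypothetical helper).
proc decide {ip port test} {
    global admin_data_group
    # Clients listed in the data group are never dropped.
    if {[lsearch -exact $admin_data_group $ip] >= 0} { return allow }
    # Unlisted clients are dropped when the port test matches.
    if {[$test $port]} { return drop }
    return allow
}

# Constructed sample connections: {client IP, port}.
set samples {
    {192.0.2.10 443}
    {198.51.100.7 22}
    {198.51.100.7 80}
    {198.51.100.7 443}
    {198.51.100.7 8443}
}

# Print the decision under each form of the range test, side by side.
puts [format "%-14s %-6s %-8s %-8s" client port and or]
foreach s $samples {
    foreach {ip port} $s break
    puts [format "%-14s %-6s %-8s %-8s" $ip $port \
        [decide $ip $port in_range_and] [decide $ip $port in_range_or]]
}
```

Comparing the two columns against the `Port:` lines in the LTM log shows whether drops are limited to the intended range or applied to every unlisted client.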