Forum Discussion

grilledcheez_21's avatar
grilledcheez_21
Icon for Nimbostratus rankNimbostratus
Nov 17, 2015
Solved

iRule to allow only some IPs, Data traffic.

Hello, I'm trying to create an iRule for only allowing certain IPs through to a VIP. I was given this iRule by a co-worker, but it doesn't seem to work. All traffic appears to be getting blocked. I...
devops
iRules
LTM
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Nov 17, 2015

    Couple things. Try adding 

    IP::addr
    and put your reject in the 
    default
    command.

    when CLIENT_ACCEPTED {
    switch [IP::addr [IP::client_addr]] {
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX { return }
        default {
            reject
            log local0. "Connection rejected from [IP::client_addr]"
        }
    }
}
Brad_Parker_139's avatar
Brad_Parker_139
Icon for Nacreous rankNacreous

Couple things. Try adding 

IP::addr
and put your reject in the 
default
command.

when CLIENT_ACCEPTED {
    switch [IP::addr [IP::client_addr]] {
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX { return }
        default {
            reject
            log local0. "Connection rejected from [IP::client_addr]"
        }
    }
}
grilledcheez_21's avatar
grilledcheez_21
Icon for Nimbostratus rankNimbostratus
Nov 17, 2015
I will give that a try. Thanks!