Forum Discussion
crodriguez
Oct 27, 2017Ret. Employee
Is it just one subnet that you want to block access from? If so, a datagroup is unnecessary. Usually data groups are used when you have more than about a dozen comparisons to make, otherwise an IF or SWITCH statement is usually sufficient. If using datagroups, you are better off using the CLASS command rather than MATCHCLASS which is deprecated (although still allowed to support older iRules).
If just checking against one subnet, you could the IP::addr command to test the client's IP address against the "bad" subnet:
if { [IP::addr [IP::client_addr] equals "10.10.0.0/16"] } {
}