This sounds non-trivial, so you may wish to consider engaging F5 Professional Services.
Having said that, a bit more information may be helpful. On what type of messages are you operating? What do you mean by "restricts operations"? It is simple for the BIG-IP to extract the IP address of a client, and to bind the client IP to a specific decision. The first is achieved generically via
[IP::client_addr]
and is available in nearly all events. A
data group is usually the best way to map IP addresses to some sort of policy choice.
Let's say that you want to choose a destination pool for load-balancing based on client IP:
when CLIENT_ACCEPTED {
set lb_pool [class lookup [IP::client_addr] dg-lb-decision]
if { $lb_pool ne "" } {
pool $lb_pool
}
}
The datagroup (called "dg-lb-decision") would use IP addresses (and/or netblocks) as the key, and the name of a pool as the value. If the client IP is a key, or in one of the netblocks, the associated pool will be used. Otherwise, the default pool assigned to the Virtual Server is used.
I understand this may not be your exact use-case, but extracting the client IP and the use of a data-group would be similar.