Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

irule allow only one IP to VIP

Hi guys I need to allow only one ip to vip and will this help ?

    when CLIENT_ACCEPTED {
    if { ( [IP::addr [IP::client_addr] equals "11.22.33.44"] )
       } then {
# Allow 
    } else {
# DROP
        reject
    }
}
0
Rate this Question
Comments on this Question
Comment made 23-Feb-2017 by Amine Kadimi 675

Should work. You can use drop instead of reject if you don't need to inform the client and just drop silently.

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Ok I had to go with data group

when CLIENT_ACCEPTED {
# Check the data group
if { ! ([class match [IP::client_addr] equals allow_2_IP ]) } {
    # Not valid client
    drop
}

}

works fine but if someone have irule which allow only 2 ips it would be great also :)

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Or this:

when CLIENT_ACCEPTED {
    if { !( [IP::addr [IP::client_addr] equals "11.22.33.44"] ) } {
        reject
    }
}
1
Comments on this Answer
Comment made 30-Nov-2017 by slesh 200

Hi Can we update this irule somehow to filter 2 ip addresses ?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Or this without iRule:

From GUI:

Local Traffic ›› Virtual Servers : Virtual Server List >> my_virtual_server

source : 11.22.33.44/32

1
Comments on this Answer
Comment made 24-Feb-2017 by slesh 200

This one was good tip forgot about that :D Thanks all

0