Access Control Based on IP

Problem this snippet solves:

This iRule forwards traffic based on "trusted" source addresses. The original application was to add a layer of security to IP forwarding virtual servers. By default, it will drop traffic unless the source IP is a member of the trustedAddresses data group.

How to use this snippet:

This iRule depends upon a single datagroup (class) of type Address named trustedAddresses.

Code:

when RULE_INIT {
    # v1.0 - basic ACL.
    # October, 2007
    # Tested on BigIP version 9.4.
    #
    # Purpose:
    #   Bind this rule to a network virtual server to simply allow or disallow traffic based on source IP.
    #   This rule expects a datagroup named trustedAddresses that lists the addresses you wish to allow.
    #   By default, traffic will be dropped.
}
when CLIENT_ACCEPTED {
    # Default deny: forward only when the client address is in trustedAddresses.
    # matchclass with $::trustedAddresses is the 9.x syntax; on v10 and later the
    # equivalent test is: class match [IP::client_addr] equals trustedAddresses
    if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
        # Uncomment the line below to turn on logging.
        #log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        # Uncomment the line below to turn on logging.
        #log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}

Tested this on version:

9.4
Published Jan 30, 2015
Version 1.0
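
Because the rule drops everything that is not in trustedAddresses, the contents of that data group are the whole policy. The following Python script is an added example, not part of the original snippet: it models the same forward/discard decision offline and flags entries that weaken the allowlist, assuming the entries are written in CIDR form (the sample addresses and the `min_prefix` threshold are constructed for illustration).

```python
import ipaddress

# Constructed sample entries standing in for the trustedAddresses data group
# (hypothetical values; hosts and networks in CIDR form).
SAMPLE_TRUSTED = ["10.20.30.0/24", "192.0.2.15", "10.20.30.128/25", "172.16.0.0/12"]


def parse_entries(entries):
    """Parse entries; strict mode rejects a network with host bits set."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def decide(client_addr, networks):
    """Mirror the rule's logic: forward on a match, otherwise discard."""
    addr = ipaddress.ip_address(client_addr)
    matched = any(addr.version == n.version and addr in n for n in networks)
    return "forward" if matched else "discard"


def audit(networks, min_prefix=16):
    """Return (entry, finding) pairs for entries that weaken the allowlist."""
    findings = []
    for net in networks:
        if net.prefixlen == 0:
            findings.append((str(net), "matches every source, so nothing is dropped"))
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            findings.append((str(net), f"broader than /{min_prefix}"))
        for other in networks:
            if other != net and other.version == net.version and net.subnet_of(other):
                findings.append((str(net), f"already covered by {other}"))
                break
    return findings


if __name__ == "__main__":
    nets = parse_entries(SAMPLE_TRUSTED)
    for client in ("10.20.30.200", "192.0.2.15", "192.0.2.16", "2001:db8::1"):
        print(client, decide(client, nets))
    for entry, finding in audit(nets):
        print("review:", entry, "-", finding)
```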