irule question

Short answer is because the first is syntactically correct, but the second isn't... It's missing the block of something to do.

 

 

In languages like C or perl, you could put a ';' in place to denote what is essentially a no-op... But tcl doesn't have that syntax... It's expecting something to do. And 'else' isn't a valid 'something to do'. It's part of the control itself. It's also IMO bad practice to write code such that an evaluation results in a NOOP and you have an else there instead (Sorry, comp sci education coming out in me again).

 

 

A better syntax (If you really don't want to do anything from the if{} statement is to negate the test. Then you don't need the else {} at all.

 

 

 

H

Also, for v9.4.4 or higher, you should remove the $:: prefix from the datagroup name. And in 10.0+ you should change matchclass to class match:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/class

 

 

Aaron

the block

if { [matchclass [IP::client_addr] equals $::ace_servers]}
else { 
    discard 
}

should be

if { [matchclass [IP::client_addr] equals $::ace_servers]} {
} else { 
    discard 
}