Forum Discussion

funkdaddy_31014's avatar
funkdaddy_31014
Icon for Nimbostratus rankNimbostratus
Aug 13, 2012

Block an external IP from ALL Virtual Servers?

Occasionally our intrusion detection software will detect nefarious IP addresses from which we would like to block access to all Virtual servers on the Big-IP.

 

 

Is there a way to do this on on an LTM (3900, v10) for the external interface (or all interfaces) without using an iRule?

 

3 Replies

  • is packet filter applicable?

     

     

    Packet Filters

     

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-2-0/tmos_packet_filters.html1189342
  • There is a performance hit for using packet filters, but like iRules, it's dependent on the profile of the traffic and the complexity of the iRules. You could test this in a lab environment to get an idea of the resource utilization for your specific scenario.

     

     

    Aaron