Hello,
I'm not entirely certain what criteria you want to use to accept or reject connection requests, but hopefully these examples will get you started.
You can either define a class to use in the rule to set which clients you want to accept/reject, or you can specify them directly in the rule. If it's more than a few items, it's probably cleaner and more efficient to use the class.
Class/Rule example:
   class my_hosts_networks_class {
      network 10.0.0.0 mask 255.0.0.0
      host 192.168.0.100
   }

   rule filter_clients_rule {
      when CLIENT_ACCEPTED {
         # Accept only clients listed in the class (by network or host) that
         # connected to the VIP on port 3306; anything else is logged and reset.
         if { [matchclass [IP::remote_addr] equals $::my_hosts_networks_class] and [TCP::local_port] == 3306 } {
            log local0.info "accepted connection from [IP::remote_addr]"
            pool http_pool
         } else {
            log local0.info "rejected connection from [IP::remote_addr]"
            reject
         }
      }
   }
Rule example:
   rule filter_clients_rule {
      when CLIENT_ACCEPTED {
         # Same check with the client address written directly into the rule;
         # "equals" is a string comparison of the dotted-quad address.
         if { [IP::remote_addr] equals "192.168.1.1" and [TCP::local_port] == 3306 } {
            log local0.info "accepted connection from [IP::remote_addr]"
            pool http_pool
         } else {
            log local0.info "rejected connection from [IP::remote_addr]"
            reject
         }
      }
   }
Note that in the CLIENT_ACCEPTED context, [IP::remote_addr] would be the client IP address, [IP::local_addr] would be the VIP, [TCP::remote_port] would be the client's source port, and [TCP::local_port] would be the destination port.
Also, BIG-IP will translate the destination port the client connects to into the node's port if you have port translation enabled on the VIP (which it is by default).
Aaron
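The class/rule example above uses the v9-era `matchclass ... $::class` syntax. As an added example, not part of Aaron's post, here is the same client filter written for BIG-IP v10 and later, where classes became data groups and the lookup is `class match`. The data-group name `allowed_mysql_clients`, the pool name `mysql_pool` and the tmsh definition shown in the comment are assumptions for illustration; `IP::client_addr` and `TCP::client_port` are the clientside aliases of `IP::remote_addr` and `TCP::remote_port` in this event.

```tcl
# Added example (not from the original post): the same client filter for BIG-IP v10+.
# Assumed data group (tmsh), type "ip", so CIDR networks and single hosts both match:
#   ltm data-group internal allowed_mysql_clients {
#       records {
#           10.0.0.0/8 { }
#           192.168.0.100/32 { }
#       }
#       type ip
#   }
when CLIENT_ACCEPTED {
    # In CLIENT_ACCEPTED, IP::client_addr is the connecting client and
    # TCP::local_port is the destination port the client hit on the virtual server.
    set client [IP::client_addr]
    set dport  [TCP::local_port]

    # "class match ... equals" on an ip-type data group does longest-prefix
    # matching, so both the /8 network and the /32 host entries apply.
    if { [class match $client equals allowed_mysql_clients] && $dport == 3306 } {
        log local0.info "accepted connection from $client:[TCP::client_port] to port $dport"
        pool mysql_pool
    } else {
        # Log source and destination so the filter can be tuned without guessing;
        # reject sends a TCP RST rather than silently dropping the connection.
        log local0.info "rejected connection from $client:[TCP::client_port] to port $dport"
        reject
    }
}
```

Because the data group lives in the configuration rather than in the rule, adding or removing an allowed network is a tmsh change with no rule edit, which is the same maintainability point Aaron makes about using a class for more than a few entries.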