yaoxu_11146
May 29, 2008 Nimbostratus
how to write universal ACL iRule
We have an F5 device that supports a lot of VSs, and these VSs require the same ACL, which means these VSs only accept access from our corp intranet. Below is our iRule for a certain pool:
when CLIENT_ACCEPTED {
    if {[matchclass [IP::remote_addr] equals $::Client_Intranet]} {
        pool Pool_DestinationPool
    } else {
        drop
    }
}
Note: Client_Intranet is the data group.
The pain is that we have to write an individual iRule for each pool. I'm wondering whether there is a way to write a universal iRule that works for all VSs which require the same ACL. Something like below?
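when CLIENT_ACCEPTED {
    # Drop any client whose address is not in the Client_Intranet data group
    if { not [matchclass [IP::remote_addr] equals $::Client_Intranet] } {
        drop
    }
}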
Any advice will be highly appreciated.