If you're trying to allow access to specific ports on an any port VIP, you could check the TCP::local_port value to make a decision:
# This event is triggered when a TCP connection is established between the client and the VIP
when CLIENT_ACCEPTED {

   # Check if the port is between 1001 and 1999
   if {not ([TCP::local_port] > 1000 and [TCP::local_port] < 2000)} {

      # Log a debug message that we're resetting the TCP connection.
      log local0. "[IP::client_addr]:[TCP::client_port]: Request to illegal port: [IP::local_addr]:[TCP::local_port]"

      # Send TCP reset
      reject
   }
}
Aaron