Port Forwarding - Need Help

Question

Hi, 
&nbsp;  
&nbsp; I am new to the iRules , i need to write an iRule that will apply to a VS and will accept only TCP connection from a specific range of destination TCP ports . 
&nbsp;  
&nbsp; Can someone suggest such an iRule ? 
&nbsp;  
&nbsp; Thanks

nicolas_menant · Answer

You should have checked the wiki it would have give you what you need 
  
 Click here 
 Click here

when CLIENT_ACCEPTED { 
   if { not([IP::addr [IP::client_addr]/16 equals "10.10.0.0"]) } { 
      reject 
  } 
 }

hooleylist · Answer

If you're trying to allow access to specific ports on an any port VIP, you could check the TCP::local_port value (Click here) to make a decision:

This event is triggered when a TCP connection is established between the client and the VIP 
 when CLIENT_ACCEPTED { 
  
     Check if the port is between 1001 and 1999 
    if {not ([TCP::local_port] &gt; 1000 and [TCP::local_port] &lt; 2000)}{ 
  
        Log a debug message that we're resetting the TCP connection. 
       log local0. "[IP::client_addr]:[TCP::client_port]: Request to illegal port: [IP::local_addr]:[TCP::local_port]" 
  
        Send TCP reset 
       reject 
    } 
 }

Aaron

Forum Discussion

Port Forwarding - Need Help

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

SMTP Traffic Forward to M365 on Port 587

Policy to forward to a range of ports

Response port masking

Multiple Port Load Balancing

Assistance with iRule using port ranges