Forum Discussion
7 Replies
Sort By
- hooleylistCirrostratusIf you want to block ICMP for a virtual server address, you can define a packet filter which drops protocol ICMP for the VIP address:
- The_BhattmanNimbostratusHere is an untested iRule way
when CLIENT_ACCEPTED { if { [IP::protocol] == 1 } { reject } }
- Vishal_96707NimbostratusIs it safe to use packet filer? Will it have any adverse impact on the performance of the box?
- The_BhattmanNimbostratus
when CLIENT_ACCEPTED { log local0. "The IP Protocol is [IP::protocol]" if { [IP::protocol] == 1 } { reject } }
- c_p_i_o_17707Historic F5 AccountDoes "bigpipe virtual address arp disable" at the CLI suite your needs?
- dennypayneEmployeeAaron's solution of using packet filters is the only one that will work here. A virtual server consists of IP address AND port, which is what iRules run on. ICMP is to the virtual *address*. Different things. And since you can have multiple virtual servers on one IP address, there's no way to affect something done on a virtual address with an iRule that runs on a virtual server.
- hooleylistCirrostratusDisabling ARP would also break all communication with any virtual server on the virtual address (unless the upstream network device had hardcoded arp entries, in which case the setting wouldn't matter).