pass traffic based on client source IPs

Question

Hello, 
&nbsp;  
&nbsp; i have a simple question.  we want to pass traffic based on client source ip.   i have below irule.  
&nbsp;  
&nbsp; when CLIENT_ACCEPTED { 
&nbsp; if { [IP::addr [client_addr] equals 192.168.217.0/24] } { 
&nbsp; pool pool-1 
&nbsp; } elseif { [IP::addr [client_addr] equals 192.179.217.0/24] } { 
&nbsp; pool pool-1 
&nbsp; } elseif { [IP::addr [client_addr] equals 192.179.10.0/24] } { 
&nbsp; pool pool-1 
&nbsp; } else { 
&nbsp; pool pool-2 
&nbsp; } 
&nbsp; }  
&nbsp;  
&nbsp; My question is: 
&nbsp;  
&nbsp; 1. if IP::addr [client_addr] equals 192.168.217.0/24 means client address belong to this /24 subnet, or must equal ? because we have a lot source ips in these three subnets, we do not want list all the /32 source ip on irule. 
&nbsp;  
&nbsp; Thanks in advance.  
&nbsp;  
&nbsp; xiaolin  
&nbsp;

the_bhattman · Answer

Hi Xiaolin, 
&nbsp;     Yes it means that it falls within /24 subnet. 
&nbsp;  
&nbsp; Bhattman

iondro_38707 · Answer

Hello,  
&nbsp; I'm new with this product and I will like to find a symple irule to Allow source for a IP and port. 
&nbsp;  
&nbsp; My question is, i need to only accept an Ip and port for one Virtual Server, but the question is, i need to make a irule or there are an easier solution, and if u know  the script, u can save my time to help me  
&nbsp;  
&nbsp; thnaks

the_bhattman · Answer

Posted By iondro  on  01/28/2010 2:29 AM 
&nbsp;  
&nbsp; Hello,   
&nbsp;  I'm new with this product and I will like to find a symple irule to Allow source for a IP and port.  
&nbsp;    
&nbsp;  My question is, i need to only accept an Ip and port for one Virtual Server, but the question is, i need to make a irule or there are an easier solution, and if u know  the script, u can save my time to help me   
&nbsp;    
&nbsp;  thnaks &nbsp; 
&nbsp;  
&nbsp; So I if I am reading this correctly you want inspect the source address as it comes into a Virtual Server and then allow it or deny it based on the source address? 
&nbsp;  
&nbsp;  
&nbsp; Thanks, 
&nbsp; Bhattman

Forum Discussion

pass traffic based on client source IPs

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

fellow traffic

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations

Block traffic

iRule based RADIUS Client Stack