norouz_167230
Jun 24, 2015

Accept request to the virtual server based on specific source IPs and forward rest of sources

Hello,

 

I'm looking for a way to filter requests to a UDP virtual server based on the client's source IP: if it matches the allowed source list, the client can use the virtual server; otherwise the requests are forwarded based on the BIG-IP routing table.

 

So far I've tried the iRule below, but it doesn't work, and it seems the event conditions are not correct.

 

    when CLIENT_ACCEPTED {
        if { [class match [IP::remote_addr] equals noCacheSources_test] } {
            forward
        }
    }

 

2 Replies

  • Hi, I would recommend adding a log statement to the action for testing, i.e. 'log local0. "client ([IP::client_addr]) request forwarded due to class match"'. Please keep in mind that UDP traffic in particular will be kept in the connection table until it times out (or you have applied a DNS, SIP or RADIUS specific profile), and changes to the iRule or Data Group will be applied to new connections only. Thanks, Stephan
  • The default behavior of BigIP is to drop all packets not matching any Listener (Virtual server, SNAT, NAT).

    If you want to forward packets based on the routing table, you must create a Forwarding IP virtual server with destination 0.0.0.0/0.

    If you want to load balance packets from IP A to IP B with a dedicated VS, you can create a VS with a source address.
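
An added example, not code from any poster in this thread: an iRule that follows the wording of the question (sources in the list stay on the virtual server, all others are forwarded) and logs both branches as suggested in the first reply. It assumes noCacheSources_test is an address-type data group and that the virtual server has a default pool.

```tcl
# Added example. Assumptions: noCacheSources_test is an address-type
# data group; the virtual server has a default pool for allowed sources.
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals noCacheSources_test] } {
        # Allowed source: take no action here, so the virtual server's
        # normal processing (default pool) handles the connection.
        log local0. "client [IP::client_addr] matched noCacheSources_test, using virtual server"
    } else {
        # Any other source: route the packet using the routing table
        # instead of the virtual server's pool.
        log local0. "client [IP::client_addr] not in noCacheSources_test, forwarding"
        forward
    }
}
```

Remove the log lines once the branch taken for each test client is confirmed, since every new UDP connection writes a log entry.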