Modifying iRule to block few IPs from accessing Internet

Question

Our internet access is through SNAT using iRule. off all the subnets present in the datagroup, we have request to block a bunch of IPs from accessing Internet. Below is the current rule.&nbsp;
if { $remote_snat eq "" &amp;&amp; [class match $CLIENT equals qa_internal] } 
      {
log local0. "processed"    
set remote_snat "DC2_OUTBOUND_QA_EXTERNAL"
}
off all the subnets present in datagroup "qa_internal" , i need to block some 20 IPs from accessing internet. What is the best way to do this?&nbsp;
Thanks
Raja&nbsp;

vijay_e · Answer

Remove them from the "qa_internal" datagroup, assuming the other parts of the iRule don't break any other access. &nbsp;

Forum Discussion

Modifying iRule to block few IPs from accessing Internet

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

iRule to modify a content-security-policy header

Protect an application exposed on Internet with F5 XC WAAP

Deploy BIG-IP on GCP with GDM without Internet access

Modifying iCall from TMSH