KJ_50941
Jan 11, 2018
Nimbostratus
Need to allow certain IP addresses to F5 VIP.
I need to restrict the F5 VIP to allow certain IP addresses. It appears I need to create a data group (allowed-nets) from the F5 GUI with an allow list of IP addresses. Does the iRule below work as is?
when CLIENT_ACCEPTED {
    # Reject any client whose source address is not in the allowed-nets data group
    if { not ([class match [IP::client_addr] equals allowed-nets]) } {
        log local0. "[IP::client_addr] is not permitted to site xxxx"
        reject
    }
}
ltm data-group internal allowed-nets {
    records {
        192.168.20.0/24 { }
        192.178.20.0/24 { }
        192.188.20.0/24 {
            data "NetYYYY"
        }
    }
    type ip
}
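An offline check of the allow-list decision the post describes, as an added example that is not part of the original post. It assumes `class match ... equals` against an ip-type data group succeeds when the client address falls inside any listed network, and that records are written one per entry; `parse_records`, `decide` and `non_private` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: the data group from the post, one record per entry.
DATA_GROUP = """
ltm data-group internal allowed-nets {
    records {
        192.168.20.0/24 { }
        192.178.20.0/24 { }
        192.188.20.0/24 {
            data "NetYYYY"
        }
    }
    type ip
}
"""

# IPv4 records only: "<address>[/prefix] {" at the start of a line.
RECORD_RE = re.compile(
    r"^[ \t]*((?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?)[ \t]*\{", re.M
)

def parse_records(conf):
    """Return the networks listed in an ip-type data group definition."""
    # strict=True raises ValueError if host bits are set (e.g. 192.168.20.5/24),
    # which catches records that do not describe the network that was intended.
    return [ipaddress.ip_network(m.group(1), strict=True)
            for m in RECORD_RE.finditer(conf)]

def decide(client_addr, nets):
    """Mirror the iRule: accept on a containment match, otherwise reject."""
    addr = ipaddress.ip_address(client_addr)
    hit = any(addr.version == n.version and addr in n for n in nets)
    return "accept" if hit else "reject"

def non_private(nets):
    """List entries outside private address space so they can be confirmed as intended."""
    return [str(n) for n in nets if not n.is_private]

if __name__ == "__main__":
    nets = parse_records(DATA_GROUP)
    # Constructed client addresses covering in-range, adjacent and unrelated sources.
    for client in ("192.168.20.15", "192.168.21.15", "192.188.20.255", "10.0.0.1"):
        print(f"{client:15} -> {decide(client, nets)}")
    print("entries outside private space:", non_private(nets))
```
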