Forum Discussion

Richard_Grigsby's avatar
Richard_Grigsby
Icon for Nimbostratus rankNimbostratus
Feb 21, 2018

iRule for SMPT allowed - moved from 10.2.3 to 12.2

Existing iRule on 10.2.3 does not work on 12.2. Is there a sytax difference from 1.2.3 to 12.2

 

Called Data Group List: smtp_relay_allowed is in place

 

Snat Pool List: snat_smtp_relay is in place calling 10.40.1.199

 

iRule: smtp_relay_rule :

 

when CLIENT_ACCEPTED { set accepted_snat "10.40.1.199"

 

if { [ class exists smtp_relay_allowed ] } { if { [class match [IP::client_addr] equals $::smtp_relay_allowed] } { snat $accepted_snat

 

} else { snat automap } } else { snat automap } }

 

3 Replies

  • More readable format:

    when CLIENT_ACCEPTED { 
      set accepted_snat "10.40.1.199"
      if { [ class exists smtp_relay_allowed ] } { 
        if { [class match [IP::client_addr] equals $::smtp_relay_allowed] } { 
          snat $accepted_snat
        } else { 
          snat automap
        } 
      } else { 
        snat automap 
      }
    }
    
  • It looks like if nothing else, the way you are referring to your datagroup in the class match statement will cause a runtime error and result in a RST being sent.

     

    From the class page in the wiki:

     

    "In v11, using $::datagroup_name will result in a TCL runtime error and a reset being sent to the client!"

     

  • This was resolved by removing character that were depreciated in 11.0

     

    It is explained here: https://devcentral.f5.com/wiki/irules.class.ashx

     

    I removed the $:: from the reference to the data group. The global variable reference was deprecated in version 11.

     

    Was: if { [class match [IP::client_addr] equals $::smtp_relay_allowed] }

     

    Now: if { [class match [IP::client_addr] equals smtp_relay_allowed] }