Forum Discussion

Arjun_Menon_343
Jan 13, 2019

Virtual server with Private IP subnet and Geo location as source

We have a requirement to match and allow the private IP subnet and Geo location of QA for the virtual servers. I tried using the iRule below. However, it is not working, as only the first clause of the iRule is matched and the remaining traffic is always discarded. Please help.

 

    when CLIENT_ACCEPTED {
        if {([class match [IP::client_addr] eq private_net]) } {
            return
        }
        if { ([whereis [IP::client_addr]country] contains "QA") }{
            return
        } else {
            discard
        }
    }

 

1 Reply

  • Hi Arjun,

    For further troubleshooting you may add some log lines to your iRule, to see what's going on behind the scenes...

    when CLIENT_ACCEPTED { 
        # Allow clients whose address is in the private_net data group
        if { [class match [IP::client_addr] eq private_net] } then { 
            log local0.debug "Allowing connection from Private IP=[IP::client_addr]"
            return 
        # Otherwise allow clients whose geolocation country code is QA
        } elseif { [whereis [IP::client_addr] country] contains "QA" } then { 
            log local0.debug "Allowing connection from IP = [IP::client_addr] with Geo Location = [whereis [IP::client_addr] country]"
            return 
        # Everything else is discarded
        } else { 
            log local0.debug "Discarding connection from IP = [IP::client_addr] with Geo Location = [whereis [IP::client_addr] country]"
            discard 
        }
    }
    

    Cheers, Kai