Zuke_254875
Apr 03, 2019
Port range iRule
We have a requirement for a wildcard virtual server and to allow access to the application servers on the port range between 30000 and 32768.
When I apply the below iRule, I'm unable to reach the servers.
    when CLIENT_ACCEPTED {
        if { {expr [TCP::client_port] < 30000] or [expr [TCP::client_port] > 32768} } {
            reject
        }
    }
I'm getting client resets on the pool members when the iRule is applied.
192.168.20.142.53464 > 10.18.142.64.31090: Flags [S], cksum 0xe5ad (incorrect -> 0x12c3), seq 371331784, win 4380, options [mss 1460,nop,nop,TS val 3830442533 ecr 0,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/applicationname-any-vs
17:47:16.391284 IP (tos 0x0, ttl 62, id 26705, offset 0, flags [DF], proto TCP (6), length 40)
10.18.142.64.31090 > 192.168.20.142.53464: Flags [R.], cksum 0x571b (correct), seq 0, ack 371331785, win 0, length 0 in slot1/tmm0 lis=/Common/applicationname-any-vs
As soon as the iRule is removed, traffic connects successfully.
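
An added example, not part of the original post: in the capture above the client's source port is 53464 and the destination port is 31090, and TCP::client_port returns the source port. A range check on the destination port, using TCP::local_port in the client-side context, could look like this (the static:: variable names and the log message are assumptions):

```tcl
when RULE_INIT {
    # Allowed destination port range (values taken from the post).
    # The variable names are illustrative, not from the original iRule.
    set static::port_min 30000
    set static::port_max 32768
}

when CLIENT_ACCEPTED {
    # Client-side context: TCP::local_port is the port the client connected to
    # on the wildcard virtual server; TCP::client_port is the client's
    # ephemeral source port and says nothing about the requested service.
    set dport [TCP::local_port]

    if { $dport < $static::port_min || $dport > $static::port_max } {
        # Record the rejected flow so out-of-range attempts are visible in /var/log/ltm.
        log local0.info "Rejected [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:$dport (outside $static::port_min-$static::port_max)"
        reject
        return
    }
}
```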