Domai
Jul 28, 2016

iRule help to allow 2 IPs only

Hello, I have a question regarding packet filtering and need help with a simple iRule. I need to allow 2 IPs only to access a VIP.

 

If I use packet filtering, it applies to all the VIPs, correct? If yes, what is the point of using packet filtering?

 

The iRule help I need is as below (will the below work?). I need clients with 1.1.1.1 and 2.2.2.2 to access the VIP.

 

    when CLIENT_ACCEPTED {
        if { ![IP::addr [IP::client_addr] equals 1.1.1.1] or [IP::client_addr] equals 2.2.2.2] }{
            discard
        } else {
            log local0. "Allowed Traffic"
        }
    }

 

2 Replies

  • Create an IP datagroup containing the IPs you want to allow, then try this...

        when CLIENT_ACCEPTED {
            # class match returns 1 if the client address is in the data group, 0 otherwise
            set yesno [class match [IP::client_addr] equals "allowed_ip"]
            switch $yesno {
                0 { discard }
                default { log local0. "Accepted client from [IP::client_addr]" }
            }
        }
    
  • Hi,

    Packet filters apply to VLANs. It's more general than just blocking access to those 2 IPs on a single Virtual Server.

    Your simple iRule can do the trick without enabling packet filters. You just have a small issue in the if condition:

    when CLIENT_ACCEPTED { 
        if { !([IP::client_addr] eq "1.1.1.1" or [IP::client_addr] eq "2.2.2.2") } { 
            discard 
        } else { 
            log local0. "Allowed Traffic" 
        } 
    }
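
The data-group approach from the first reply, written as a default-deny rule that also logs every blocked client so denied sources show up in the LTM log. This is an added example, not code from either poster; it assumes an internal data group of type `ip` named `allowed_ip` (the name used in that reply) containing 1.1.1.1 and 2.2.2.2.

```tcl
# Added example (not from the thread).
# Assumption: data group "allowed_ip" (type ip) holds 1.1.1.1 and 2.2.2.2.
when CLIENT_ACCEPTED {
    set client [IP::client_addr]

    # class match returns 1 when the address is in the data group, 0 otherwise,
    # so it can be used directly as the condition.
    if { [class match $client equals allowed_ip] } {
        log local0.info "allowed $client on [virtual name]"
    } else {
        # Default deny: anything not listed is dropped without a reply.
        # Log before discarding so blocked sources can be reviewed later.
        log local0.warning "denied $client -> [IP::local_addr]:[TCP::local_port] on [virtual name]"
        discard
    }
}
```

Attach the rule only to the virtual server that needs the restriction; other virtual servers on the same VLAN are unaffected, unlike with a packet filter.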