LB_SELECTED iRule to deny based on source and dest address

Question

Hello, would someone be able to assist with an iRule with LB_SELECTED to deny based on a specific source and destination address? There are multiple source and destination addresses so I was hoping to use switch -glob to accomplish. I'm running version 13.1 so there's no class math I could've used to accomplish this easier. Thanks in advance.

andy_mcgrath · Answer

Why can you not use class match in v13?&nbsp;

vfb · Answer

class match may be too much, as most of the deny statements are /32's&nbsp;

vfb · Answer

This is what I was trying to accomplish - &nbsp;
"when LB_SELECTED {
  switch "[IP::addr [IP::client_addr] equals "170.31.1.1"] and [IP::remote_addr] equals "170.31.1.63" -
         "[IP::addr [IP::client_addr] equals "170.31.1.10"] and [IP::remote_addr] equals "170.31.1.64"-
         "[IP::addr [IP::client_addr] equals "170.31.1.11"] and [IP::remote_addr] equals "170.31.1.65"   {snat automap}}}"&nbsp;

andy_mcgrath · Answer

class match will be better than a lot of if elseif or switch statements. Easier to manage &nbsp;
I would have a clientside data group and serverside data group if you can separate the lists? I.e. any source matched to any destination.&nbsp;

Forum Discussion

LB_SELECTED iRule to deny based on source and dest address

4 Replies

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

source address persistence maximum session timeout

CSV to Address External Datagroup File

Decoding the IPv4 address from the persistence cookie

ICMP Custom Source Address Monitor