Hi Willy,
you may use one of the iRules below...
IP::addr based iRule:
The IP::addr based syntax is ideal if just a few IPs or subnets require access (fewer than 5).

when CLIENT_ACCEPTED {
    if { ( [IP::addr [IP::client_addr] equals "10.0.0.0/8"] )
      or ( [IP::addr [IP::client_addr] equals "172.16.0.0/12"] )
      or ( [IP::addr [IP::client_addr] equals "192.168.0.0/16"] ) } then {
        # Allow the request
    } else {
        reject
    }
}

[class] / data-group based iRule:
The [class] / data-group based syntax is ideal if many IPs or subnets require access (more than 5).
iRule:
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals DG_ALLOWED_RDP_CLIENTS] } then {
        # Allow the request
    } else {
        reject
    }
}
Data-Group:
ltm data-group internal DG_ALLOWED_RDP_CLIENTS {
    records {
        10.0.0.0/8 {}
        172.16.0.0/12 {}
        192.168.0.0/16 {}
    }
    type ip
}
Cheers, Kai
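
An offline check of the data-group above, as an added example that is not part of the original post: it parses the `ltm data-group` stanza and reports which client addresses fall inside a record (allow) and which do not (reject), so an allow-list edit can be reviewed before it is loaded. The function names and sample client addresses are assumptions made for this sketch, and rejecting records with host bits set is this script's own lint choice.

```python
import ipaddress
import re

# Data-group text copied from the post above.
DATA_GROUP = """
ltm data-group internal DG_ALLOWED_RDP_CLIENTS {
    records {
        10.0.0.0/8 {}
        172.16.0.0/12 {}
        192.168.0.0/16 {}
    }
    type ip
}
"""

# Constructed sample client addresses (not from the post).
SAMPLE_CLIENTS = ["10.20.30.40", "172.15.255.255", "172.31.0.1",
                  "192.168.1.10", "203.0.113.7"]


def parse_ip_data_group(text):
    """Return (name, [networks]) for one internal data-group of type ip."""
    header = re.search(r"ltm data-group internal (\S+)\s*\{", text)
    if not header:
        raise ValueError("no 'ltm data-group internal' stanza found")
    if not re.search(r"^\s*type ip\s*$", text, re.MULTILINE):
        raise ValueError("data-group is not 'type ip'")
    records = re.findall(r"^\s*([0-9A-Fa-f:.]+(?:/\d+)?)\s*\{", text, re.MULTILINE)
    # strict=True flags records with host bits set (e.g. 10.1.2.3/8) as likely typos.
    return header.group(1), [ipaddress.ip_network(r, strict=True) for r in records]


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any record, i.e. the iRule's allow branch."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in networks)


def evaluate(clients, text=DATA_GROUP):
    """Map each client address to 'allow' or 'reject' for the given data-group."""
    _, networks = parse_ip_data_group(text)
    return {ip: ("allow" if is_allowed(ip, networks) else "reject") for ip in clients}


if __name__ == "__main__":
    for ip, verdict in evaluate(SAMPLE_CLIENTS).items():
        print(f"{ip:16} {verdict}")
```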