Joe_Pipitone
Feb 08, 2011

Restrict FTP traffic on VIP to IP address or range

We're running BigIP LTM 9.4.7.

I have a contractor who requires FTP access to an FTP server on our network.

We have created a VIP that only allows traffic on port 21 to that server. We only want to allow an IP address or a range of IPs to access that specific server, and this is just a temporary access issue.

It is my understanding that we need to incorporate when CLIENT_ACCEPTED { into our iRule in order to accomplish this. I've found the following iRule; however, it seems much more complex than what we're looking to do.

http://devcentral.f5.com/wiki/default.aspx/iRules/AccessControlBasedOnNetworkOrHost.html

I was thinking that something like this below would work, but this iRule seems to check the login name rather than the IP address or network that traffic would be coming into via port 21.

    when CLIENT_ACCEPTED {
        if { [matchclass [IP::remote_addr] equals $::aol] } {
            pool aol_pool
        } else {
            pool all_pool
        }
    }
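
An added example, not part of the original post or of F5's documentation: a source-address allowlist for the FTP VIP in the v9-style syntax used above. The data group name `ftp_allowed_clients`, the pool name `ftp_pool` and all addresses are assumptions (documentation-range placeholders).

```tcl
# Added example. Assumed names: ftp_allowed_clients (address-type data group
# defined on the BIG-IP) and ftp_pool (pool containing the FTP server).
# Constructed data group contents for illustration:
#   host 203.0.113.25
#   network 198.51.100.0 mask 255.255.255.0
when CLIENT_ACCEPTED {
    # IP::client_addr is the source address of the TCP connection that just
    # arrived on the VIP. Nothing from the FTP session (USER/PASS) has been
    # read at this point, so the decision is made purely on the network address.
    set src [IP::client_addr]

    if { [matchclass $src equals $::ftp_allowed_clients] } {
        # Source is a listed host or falls inside a listed network.
        pool ftp_pool
    } elseif { [IP::addr $src equals 192.0.2.0/24] } {
        # Alternative for a single temporary range without a data group:
        # IP::addr compares the address against a network with a mask.
        pool ftp_pool
    } else {
        # Everyone else: record the attempt, then reset the connection.
        # Use "discard" instead of "reject" to drop silently with no RST.
        log local0. "FTP VIP: connection from $src denied"
        reject
    }
}
```

Keeping the contractor's addresses in the data group means the temporary access can be revoked by editing the group rather than the iRule.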

13 Replies