Forum Discussion

TJ_Vreugdenhil's avatar
TJ_Vreugdenhil
Icon for Cirrus rankCirrus
Jan 26, 2014

Apply ACL to an F5 VIP (11.4.1)

Hi

 

"Source" Option in the WebUI under the F5 VIP only seems to allow for one subset.

 

"Packet filter" only seems to apply to VLAN's.

 

Do I have to create an iRule for this? If so, what would be the most efficient method to just match on specific source addresses and allow only that subnets. e.g. below

 

2 match source-address 172.18.50.0 255.255.255.0 3 match source-address 10.12.20.0 255.255.252.0 4 match source-address 10.12.25.0 255.255.255.0

 

In regards to 11.4.1, we are only using the /Common parition if a datagroup was the best method.

 

Thanks!

 

application delivery
design
devops
iRules

3 Replies

Sort By
  • TJ_Vreugdenhil's avatar
    TJ_Vreugdenhil
    Icon for Cirrus rankCirrus
    Jan 26, 2014

    Thank you nitass. That is helpful, however, do you know where I can find an 11.x (11.4.1) iRule example? Aaron's link includes one for 9 and 10, and not yet for 11. Would you happen to have a simple sample for 11.4.1 to allow for a group of source networks?

     

    Thanks!

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 26, 2014

    do you know where I can find an 11.x (11.4.1) iRule example?

     

    10.x version is also applicable for 11.x.