Forum Discussion

Ravager
Dec 21, 2019
Solved

iRule drop on geolocation or IP assistance

New to iRules and I basically want to write something like the below but am not sure how to do it.

Basically, make two lists that I can edit as required to hold geolocation country codes and IPs, and drop a connection if neither of them


Thanks in advance.


    when CLIENT_ACCEPTED {
        # Allowed country codes; edit as required
        set allowed_country [list AU CN]
        # Excepted source IPs; edit as required
        set excepted_IPs [list 1.2.3.4 5.6.7.9]
        set client_ip [IP::client_addr]
        set country [whereis $client_ip country]
        # lsearch returns -1 when the value is not in the list
        if { ([lsearch -exact $allowed_country $country] < 0) or ([lsearch -exact $excepted_IPs $client_ip] < 0) } {
            drop
        }
    }


  • You can do it via a data group. Create data groups named:

    1. whitelist_countries and add records with AU & CN.
    2. whitelist_ips and add records with 1.2.3.4 5.6.7.9

    Then with the iRule take action accordingly; you can store the details in variables for better viewing, understanding & logging. Take out the else section if you feel it is not needed.

    when CLIENT_ACCEPTED {
        set country [whereis [IP::client_addr] country]
        set source [IP::client_addr]
        if { (![class match $country equals whitelist_countries]) or (![class match $source equals whitelist_ips]) } {
            log local0. "Dropping connection of Source IP: $source, Country: $country"
            drop
        } else {
            log local0. "Allowing connection of Source IP: $source, Country: $country"
        }
    }

    Hope it helps. Test and update back.

    Note: Even if you whitelist some IPs and they are part of a blocked country, it will drop them, because you are using an OR operation. You can use nested if logic to adjust accordingly.
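As an added example (not the reply's own code) of the nested logic the note refers to: the exempt-IP data group is checked first and bypasses the country check, and an empty `whereis` result, assumed here to mean the address has no geolocation entry, is dropped and logged rather than allowed. It assumes the two data groups named above, `whitelist_countries` and `whitelist_ips`.

```tcl
when CLIENT_ACCEPTED {
    set source [IP::client_addr]

    # Exempt IPs are evaluated first, so an address in whitelist_ips is
    # allowed even when its country is not in whitelist_countries.
    if { [class match $source equals whitelist_ips] } {
        log local0. "Allowing exempt Source IP: $source"
        return
    }

    set country [whereis $source country]

    # Assumption: an empty result means the address has no geolocation entry;
    # an unknown country is treated as not allowed rather than let through.
    if { $country eq "" } {
        log local0. "Dropping Source IP: $source, country lookup returned nothing"
        drop
        return
    }

    # Only non-exempt addresses reach the country check.
    if { ![class match $country equals whitelist_countries] } {
        log local0. "Dropping connection of Source IP: $source, Country: $country"
        drop
        return
    }

    log local0. "Allowing connection of Source IP: $source, Country: $country"
}
```

If `whitelist_ips` is created as an address-type data group, `class match` also matches subnets stored in it, so the exemption list can hold CIDR ranges as well as single hosts.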
