Forum Discussion

grilledcheez_21's avatar
grilledcheez_21
Icon for Nimbostratus rankNimbostratus
Nov 17, 2015

iRule to allow only some IPs, Data traffic.

Hello, I'm trying to create an iRule for only allowing certain IPs through to a VIP. I was given this iRule by a co-worker, but it doesn't seem to work. All traffic appears to be getting blocked. I...
devops
iRules
LTM
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Nov 17, 2015

    Couple things. Try adding 

    IP::addr
    and put your reject in the 
    default
    command.

    when CLIENT_ACCEPTED {
    switch [IP::addr [IP::client_addr]] {
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX { return }
        default {
            reject
            log local0. "Connection rejected from [IP::client_addr]"
        }
    }
}
Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus

Couple things. Try adding 

IP::addr
and put your reject in the 
default
command.

when CLIENT_ACCEPTED {
    switch [IP::addr [IP::client_addr]] {
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX -
        10.XX.XX.XX { return }
        default {
            reject
            log local0. "Connection rejected from [IP::client_addr]"
        }
    }
}
grilledcheez_21's avatar
grilledcheez_21
Icon for Nimbostratus rankNimbostratus
Nov 17, 2015
I will give that a try. Thanks!