Difference between revisions of "Block IP"
From Tech-Wiki
(Created page with "Category:F5 Networks '''Back to iRules''' # first, create a data group of type IP addr if { [class match [IP::remote_addr] equals ip_blacklist] }...") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
'''[[F5 Networks#iRules|Back to iRules]]''' | '''[[F5 Networks#iRules|Back to iRules]]''' | ||
| − | + | In order to block (or allow) connections based on static IP, or a data group, first, create a data group of type IP addr then use the code below (use 'not' if you want to allow instead) | |
| − | if { [class match [IP::remote_addr] equals ip_blacklist] } { | + | when CLIENT_ACCEPTED { |
| + | if { [class match [IP::remote_addr] equals ip_blacklist] } { | ||
reject | reject | ||
| − | + | } | |
| − | + | ||
} | } | ||
Or | Or | ||
| + | when CLIENT_ACCEPTED { | ||
| + | if { not ( [class match [IP::client_addr] equals SMTP-Relay_Data-Group] ) } { | ||
| + | reject | ||
| + | } | ||
| + | } | ||
| + | |||
| + | Same using static IP hard coded: | ||
when CLIENT_ACCEPTED { | when CLIENT_ACCEPTED { | ||
if { [IP::addr [IP::client_addr] equals xx.xx.xx.xx/xx] } { | if { [IP::addr [IP::client_addr] equals xx.xx.xx.xx/xx] } { | ||
Latest revision as of 17:21, 28 March 2021
In order to block (or allow) connections based on static IP, or a data group, first, create a data group of type IP addr then use the code below (use 'not' if you want to allow instead)
when CLIENT_ACCEPTED {
if { [class match [IP::remote_addr] equals ip_blacklist] } {
reject
}
}
Or
when CLIENT_ACCEPTED {
if { not ( [class match [IP::client_addr] equals SMTP-Relay_Data-Group] ) } {
reject
}
}
Same using static IP hard coded:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals xx.xx.xx.xx/xx] } {
reject
}
}