Difference between revisions of "Block IP"

From Tech-Wiki
Jump to: navigation, search
 
Line 3: Line 3:
  
 
In order to block (or allow) connections based on static IP, or a data group, first, create a data group of type IP addr then use the code below (use 'not' if you want to allow instead)
 
In order to block (or allow) connections based on static IP, or a data group, first, create a data group of type IP addr then use the code below (use 'not' if you want to allow instead)
  if { [class match [IP::remote_addr] equals ip_blacklist] } {  
+
  when CLIENT_ACCEPTED {
 +
  if { [class match [IP::remote_addr] equals ip_blacklist] } {  
 
     reject
 
     reject
 +
  }
 
  }
 
  }
  

Latest revision as of 17:21, 28 March 2021

Back to iRules

In order to block (or allow) connections based on static IP, or a data group, first, create a data group of type IP addr then use the code below (use 'not' if you want to allow instead)

when CLIENT_ACCEPTED {
  if { [class match [IP::remote_addr] equals ip_blacklist] } { 
   reject
  }
}

Or

when CLIENT_ACCEPTED {
   if { not ( [class match [IP::client_addr] equals SMTP-Relay_Data-Group] ) } {
       reject
   }
}

Same using static IP hard coded:

when CLIENT_ACCEPTED {
   if { [IP::addr [IP::client_addr] equals xx.xx.xx.xx/xx] } {
       reject
   }
}