Forum Discussion
Lucas_Thompson
Employee
Jan 05, 2024If you know the schedule in advance and just want to block certain hours it might be easier to write a simple irule to block the traffic when you need to. Also note when you "disable" a VS in BIG-IP, it will still answer ARPs (unless you disable/remove the virtual address too) but will answer with a RST when the VS is matched to a new flow. To duplicate this behavior dynamically in an irule, you could do something like this.
when CLIENT_ACCEPTED {
# set the UTC hours to deny
set hours_to_deny "0 1 2 3 4 5 6 7 17 18 19 20 21 22 23"
set seconds_per_day [ expr 24 * 60 * 60 ]
set seconds_per_hour [ expr 60 * 60 ]
set seconds_since_midnight [ expr [ clock seconds] % $seconds_per_day ]
set hour [expr int([ expr $seconds_since_midnight / $seconds_per_hour ]) ]
log local0. "New connection from [IP::client_addr] UTC hour is: $hour"
if { [lsearch -integer $hours_to_deny $hour] } {
log local0. "drop connection"
reject
} else {
log local0. "allow connection"
}
}