Forum Discussion
I guess you could create two VIPs (one TCP, one UDP) which listen to all ports and then drop the requests that do not fit the port span you defined above with an iRule.
Maybe something like this for the TCP VS:
when CLIENT_ACCEPTED {
    # TCP::local_port is the destination port the client connected to;
    # TCP::client_port would be the client's source port.
    if { !(([TCP::local_port] > 1570 and [TCP::local_port] < 1575) or ([TCP::local_port] > 2500 and [TCP::local_port] < 3500)) } {
        drop
    }
}
- tolinrome_13817Nimbostratus
That's fine as well, I suppose? But I need help in creating the iRule. I know what to do but not how to do it.
- Cory_50405Noctilucent
What do you want the iRule to do?
- tolinrome_13817Nimbostratus
So I just paste this then into the Definition of the iRule???:
VS:
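when CLIENT_ACCEPTED {
    # TCP::local_port is the destination port the client connected to;
    # TCP::client_port would be the client's source port.
    if { !(([TCP::local_port] > 1570 and [TCP::local_port] < 1575) or ([TCP::local_port] > 2500 and [TCP::local_port] < 3500)) } {
        drop
    }
}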
/Patrik
- Yep, and assign it to the virtual server. /Patrik
- One more thing. If you want to keep the port in question intact when the F5 sends the packet on to the members you might want to untick the port translation option in the VS config.
Sorry mate. Formatting goes crazy sometimes when trying to edit your responses.
I guess you could create two VIPs (one TCP, one UDP) which listen to all ports and then drop the requests that do not fit the port span you defined above with an iRule.
Maybe something like this for the TCP VS:
when CLIENT_ACCEPTED {
    # TCP::local_port is the destination port the client connected to;
    # TCP::client_port would be the client's source port.
    if { !(([TCP::local_port] > 1570 and [TCP::local_port] < 1575) or ([TCP::local_port] > 2500 and [TCP::local_port] < 3500)) } {
        drop
    }
}
Never worked with UDP this way but perhaps the client data event would work:
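when CLIENT_DATA {
    # UDP::local_port is the destination port of the datagram;
    # UDP::client_port would be the sender's source port.
    if { !(([UDP::local_port] > 1570 and [UDP::local_port] < 1575) or ([UDP::local_port] > 2500 and [UDP::local_port] < 3500)) } {
        drop
    }
}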
/Patrik
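The port filter discussed in this thread, written with the allowed ranges kept in one list and a log line for every dropped connection. This is an added example, not code from any poster in the thread. The ranges 1571-1574 and 2501-3499 are constructed to match the exclusive comparisons above, and the variable names `static::allowed_ranges`, `dport` and `allowed` are assumptions. It is for the TCP virtual server; the UDP virtual server would read `UDP::local_port` instead.

```tcl
when RULE_INIT {
    # Constructed example values: inclusive {low high} pairs equivalent to
    # "> 1570 and < 1575" and "> 2500 and < 3500" from the thread.
    set static::allowed_ranges { {1571 1574} {2501 3499} }
}

when CLIENT_ACCEPTED {
    # Destination port the client connected to on the wildcard-port VS.
    set dport [TCP::local_port]
    set allowed 0

    foreach range $static::allowed_ranges {
        if { $dport >= [lindex $range 0] && $dport <= [lindex $range 1] } {
            set allowed 1
            break
        }
    }

    if { !$allowed } {
        # Record source address, source port and the refused destination port
        # so that scans against the wildcard listener show up in /var/log/ltm.
        log local0. "port filter: dropped [IP::client_addr]:[TCP::client_port] -> port $dport"
        drop
        return
    }
}
```

Logging every drop on a busy wildcard listener can be noisy, so the log line may need rate limiting or removal once the rule is confirmed to work.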