24/05/2022 10:14 How to block IP Address by iRule

K73554344: How to block IP Address by iRule

Support Solution

Original Publication Date: Jan 18, 2021


Updated Date: Oct 09, 2021

Description
You need a way to block or drop traffic from a specific IP address or a list of IP addresses, for example
during a suspected cyber attack or simply to discard traffic from certain IP addresses.

Environment
BIG-IP
Virtual server

Cause
None

Recommended Actions
You can create iRules similar to the examples provided and apply them to the virtual servers that need to
block/drop traffic.

when FLOW_INIT {
    # (IPv4 Address%RouteDomain) is a placeholder for the address to block
    if { [IP::addr [IP::client_addr] equals (IPv4 Address%RouteDomain)] } {
        log local0. "Blocking [IP::client_addr]"
        drop
    }
}

Note: If the IPv4 address being matched is in the default route domain, the route domain notation does not
need to be included in the iRule syntax.
Examples:

1. Block an IP in route domain 3000:

https://support.f5.com/csp/article/K73554344 1/3

when FLOW_INIT {
    if { [IP::addr [IP::client_addr] equals 172.16.0.9%3000] } {
        log local0. "Blocking [IP::client_addr]"
        drop
    }
}

2. Block an IP in the default route domain:

when FLOW_INIT {
    if { [IP::addr [IP::client_addr] equals 172.16.0.9] } {
        log local0. "Blocking [IP::client_addr]"
        drop
    }
}

3. When you have multiple IP addresses, a list of IP addresses, or a whole network range to block/drop traffic
from, it is recommended to use a data group created as Address (IP) type.

when FLOW_INIT {
    if { [class match [IP::remote_addr] equals BlocklistIP_DataGroup] } {
        log local0. "Attacker IP [IP::client_addr]"
        drop
    }
}

Sample Data Group with Type IP:


ltm data-group internal BlocklistIP_DataGroup {
    records {
        10.10.10.0/24 { }
    }
    type ip
}
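
An added pre-deployment check, not part of the F5 article: it parses a data-group stanza in the form shown above and reports which addresses you need to keep reachable would match the blocklist, approximating an address-type class match as network containment. The extra record, the PROTECTED list and the function names are constructed for illustration, and route-domain suffixes (%ID) are assumed absent.

```python
import ipaddress
import re

# Constructed sample: the stanza format shown above plus one extra host record.
SAMPLE_CONFIG = """
ltm data-group internal BlocklistIP_DataGroup {
    records {
        10.10.10.0/24 { }
        192.0.2.15 { }
    }
    type ip
}
"""

# Constructed list of addresses that must never be dropped (monitors, admin hosts).
PROTECTED = ["10.10.10.5", "10.10.20.5", "192.0.2.15", "198.51.100.7"]

RECORD_RE = re.compile(r"^\s*([0-9A-Fa-f:.]+(?:/\d+)?)\s*\{")

def parse_records(config_text):
    """Return the networks listed in the records { } section of the stanza."""
    networks, depth = [], 0
    for line in config_text.splitlines():
        if depth == 0:
            if line.strip().startswith("records"):
                depth = 1  # now inside records { ... }
            continue
        m = RECORD_RE.match(line) if depth == 1 else None
        if m:
            # A bare address becomes a host network (/32 or /128).
            networks.append(ipaddress.ip_network(m.group(1), strict=False))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            break  # closing brace of the records section
    return networks

def would_be_dropped(addresses, networks):
    """Map each address to the first blocklist record that contains it."""
    hits = {}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        match = next((n for n in networks if ip.version == n.version and ip in n), None)
        if match is not None:
            hits[addr] = str(match)
    return hits

if __name__ == "__main__":
    for addr, net in would_be_dropped(PROTECTED, parse_records(SAMPLE_CONFIG)).items():
        print(f"WARNING: {addr} matches blocklist record {net}")
```

Run it against the stanza you intend to load before attaching the iRule, so that a broad network record does not silently drop health monitors or administrative hosts.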

Sample iRule that drops traffic from any IP address that does not match an allow-list Data Group:

when FLOW_INIT {
    set ClientIP [IP::client_addr]
    if { (not [class match $ClientIP equals AllowListIP_DataGroup]) } {
        log local0. "Attacker IP [IP::client_addr]"
        drop
    }
}

Note: The log lines in the iRules are optional and can be commented out (#).

Additional Information
None

Related Content
FLOW_INIT on F5 Cloud Docs
K50565834: How to add an iRule to a Virtual Server

F5 Support engineers who work directly with customers to resolve issues create this content. Support Solution
articles give you fast access to mitigation, workaround, or troubleshooting suggestions.
Applies to:

Product: BIG-IP
16.X.X, 15.X.X, 14.X.X, 13.X.X, 12.X.X, 11.X.X
