Manual Chapter :
Common elements file for iRules
Applies To:
Show VersionsBIG-IP AAM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP APM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP Analytics
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP Link Controller
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP LTM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP PEM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP AFM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP DNS
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP ASM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Common elements file for iRules
- Locate the relevant sample iRule contained in an online version of this document and copy the iRule text.
- On the Main tab, click.The iRule List screen opens, displaying any existing iRules.
- ClickCreate.The New iRule screen opens.
- In theNamefield, type a name, such asmy_irule.The full path name of the iRule cannot exceed 255 characters.
- In theNamefield, type a unique name for the iRule.The full path name of the iRule cannot exceed 255 characters.
- In theDefinitionfield, type the syntax for the iRule using Tool Command Language (Tcl) syntax.For complete and detailed information iRules syntax, see the F5 Networks DevCentral web site (http://devcentral.f5.com).
- In theDefinitionfield, paste the iRule text that you copied in the previous step.
- Within the iRule text, edit the values of the static variables that define the high-speed logging pool, the host name, and the string data group, to match your specific configuration.
- Within the iRule text, edit the value of the static variabledcfw_vdgto match the name of the string data group for your specific configuration.
- ClickFinished.The new iRule appears in the list of iRules on the system.
- On the Main tab, click.
- On the Main tab, click.
- In the Name column, view the list of iFiles that you peviously created on the BIG-IP system.
- ClickCreate.
- In theNamefield, type a new name for the iFile, such asifileURL.
- From theFile Namelist, select the name of the imported file object, such as1k.html.
- ClickFinished.The new iFile appears in the list of iFiles.
- On the Main tab, click.The Data Group List screen opens, displaying a list of data groups on the system.
- ClickCreate.The New Data Group screen opens.
- In theNamefield, type a unique name for the data group.You must use this exact name for the data group. Otherwise, the iRule that you assign to the virtual server for implementing access control will not process successfully.
- From theTypelist, selectAddress.
- Using theAddress Recordssetting, add each IP address that you want to include in the data group:
- For theTypesetting, selectHostorNetwork.
- In theAddressfield, type an IP address.
- If the address type isNetwork, type a network mask in theMaskfield.
- In theValuefield, typenone.
- ClickAdd.
- Repeat these steps for each IP address you want to include in the data group.
- Using theAddress Recordssetting, add each IP address that you want to include in the data group:
- In theAddressfield, type the IP address in CIDR format.The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is10.0.0.1or10.0.0.0/24, and an IPv6 address/prefix isffe1::0020/64or2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a/32prefix.
- In theValuefield, typenone.
- ClickAdd.
- Repeat these steps for each IP address you want to include in the data group.
- In theNamefield, type a unique name for the data group.
- In theNamefield, type a unique name for the data group.An example of a data group name iscluster_snatpool_dg.
- From theTypelist, selectString.
- From theTypelist, selectInteger.
- Using theString Recordssetting, create entries consisting of a virtual server name and a data group name:
- In theStringfield, type the name of the virtual server (using lowercase characters only) for which you want to implement access control using data groups and an iRule.An example of a virtual server entry is/common/fwtest-bigip1.
- In theValuefield, type the name of the relevant address data group.
- ClickAdd.
- Repeat these steps for each virtual server you want to include in this data group.Each specified virtual server can represent the same destination IP address as the other virtual servers, but must have a unique port name or port number.
- Using theInteger Recordssetting, create tag mapping entries consisting of an integer (client tag) and a value (server tag):
- In theIntegerfield, type a value to be used for a specific client.
- In theValuefield, type a value that is substituted on the server.
- ClickAdd.The new mapping between the integer and corresponding value appears in the list of Integer Records.
- Using theString Recordssetting, create entries consisting of a BIG-IP device name and a SNAT pool name:
- In theStringfield, type the fully-qualified domain name of a BIG-IP system in the device group (using lowercase characters only).An example of an entry isbigip_1.ecmp.test.com.
- In theValuefield, type the name of a SNAT pool.
- ClickAdd.
- Repeat these steps for each BIG-IP device and SNAT pool that you want to include in this data group.
The result should look similar to this:bigip_1.ecmp.test.com:= snat-pool-1 bigip_2.ecmp.test.com:= snat-pool-2 bigip_2.ecmp.test.com:= snat-pool-2 - Click theImportbutton..
- ClickFinished.The new data group appears in the list of data groups.
When you later assign the access control iRule to the specified
virtual server, the virtual server allows traffic from the IP addresses
listed in the
dg-dcf-shownetworks
data
group.