Manual Chapter : 3-DNS Module for BIG-IP Reference guide, v4.0: Access Control Lists

Applies To:

Show Versions Show Versions

3-DNS Controller versions 1.x - 4.x

  • 4.0 PTF-01, 4.0.0
Manual Chapter


2

Access Control Lists



Access control lists

With access control lists (ACLs), you can block probing for members of the ACL when you use dynamic RTT probing on your 3-DNS Controller. Table 2.1 lists the ACL types and describes their functions.

Access control list types and descriptions
ACL Type Description
Prober Prober ACLs limit round-trip time probes.
Hops Hops ACLs limit traceroute probes.
Discovery Discovery ACLs limit port discovery probes.

To define ACLs using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.

  2. On the toolbar, click ACL.
    The ACL Configuration screen opens.

  3. Add the settings for the ACLs you want to create, and click Update. For more information on this screen, click Help on the toolbar.

To define ACLs from the command line

  1. If one does not already exist, create a file called region.ACL in the /var/3dns/include directory. You must add the include file at the beginning of the wideip.conf file.

  2. Add the file to /etc/wideip.conf by typing, at the command line:

    include "region.ACL"

Tip: When you create ACLs by editing the wideip.conf file from the command line, we strongly recommend that you put the ACLs in a separate include file.

The ACLs you can create are probe_acl, hops_acl, and discovery_acl. Figure 2.1 is an example the syntax for a region.ACL file with definitions for the three ACL types.

Figure 2.1 Sample region.ACL file

 actions {     
NO_RELAY
delete rdb ACL region "probe_acl"
delete rdb ACL region "hops_acl"
delete rdb ACL region "discovery_acl"
}
region_db ACL {
region {
name "probe_acl"
region "probe_acl"
192.168.4.0/24
}
region {
name "hops_acl"
192.168.2.0/16
}
region {
name "discovery_acl"
192.168.11.11/32
192.168.4.0/24
}
}