FLOW_INIT
Description
This event is triggered once per TCP flow and once per unique UDP/IP
flow, after packet filters but before any AFM and TMM work occurs.
The use cases for this event are:
- Override ACL action
- Bandwidth control on both client/server flows
- Routing to another VIP
- Marking QoS ToS/DSCP on both client/server flows
Commands supported within this new event:
- log
- drop
- reject
- node (host ip address)
- virtual (virtual server name)
- pool (pool name) (As of version 12, this is still not functional; ID503711)
- TCP::close
- TCP::respond
- IP::client_addr
- IP::local_addr
- IP::tos (As of version 12, this does not work inside FLOW_INIT. Use https://clouddocs.f5.com/api/irules/DATAGRAM__ip.html with “tos” as the option instead.)
- IP::ttl
- IP::version
- ACL::action
- active_members
Note: static:: variables and data groups have been tested successfully
under 11.5.1/11.6.0. Under 11.5.0, tables silently fail.
Examples
Allow US/Canada users, drop Great Britain, reject all others.

    when FLOW_INIT {
        # Look up the country code for the client address
        set ipaddr [IP::client_addr]
        set locale [whereis $ipaddr country]
        log local0. "IP Address/Country $ipaddr/$locale"
        switch $locale {
            "US" -
            "CA" { return }
            "GB" { ACL::action drop }
            default { ACL::action reset }
        }
    }

Allow traffic from 172.29.97.151 and forward to VIP /Common/my_http_vs.

    when FLOW_INIT {
        if { [IP::addr [IP::client_addr] equals 172.29.97.151] } {
            ACL::action allow
            virtual /Common/my_http_vs
            log "FLOW_INIT: ACL allow to /Common/my_http_vs"
        }
    }
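
Drop flows whose source address matches a data group, with a static:: variable controlling debug logging. This is an added example, not part of the original documentation; it relies on the static:: variable and data group support described in the note above, and the data group name /Common/flow_init_blocklist and the variable static::flow_init_debug are assumptions.

```tcl
# Added example: names below are hypothetical, adjust to your configuration.
when RULE_INIT {
    # 1 = log every decision, 0 = log only drops
    set static::flow_init_debug 0
}

when FLOW_INIT {
    set src [IP::client_addr]

    # /Common/flow_init_blocklist is an assumed address-type data group
    # listing hosts and networks that must not reach any virtual server.
    if { [class match $src equals /Common/flow_init_blocklist] } {
        # Log before overriding so every drop leaves an audit record
        log local0.notice "FLOW_INIT: drop $src (blocklist match)"
        ACL::action drop
        return
    }

    # No match: leave the ACL verdict unchanged
    if { $static::flow_init_debug } {
        log local0.debug "FLOW_INIT: $src not in blocklist, ACL verdict unchanged"
    }
}
```

Keeping the match list in a data group lets it be updated without editing the iRule.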