discard

Description¶

Causes the current packet or connection (depending on the context of the event) to be dropped/discarded and the rule continues (no implied return). This command is identical to drop.

Syntax¶

discard

discard¶

Causes the current packet or connection (depending on the context of the event) to be discarded. Nothing is sent to the client.
Removes the corresponding entry from the system connection table. Note that, in the case of TCP, if subsequent segments arrive without SYN bit set (and ACK bit unset), a RST will be sent as a result. This is the standard behavior when segments of that type arrive when there is no system connection entry.

Examples¶

when SERVER_CONNECTED {
  if { [IP::addr [IP::client_addr] equals 10.1.1.80] } {
     discard
     log local0. "connection discarded from [IP::client_addr]"
  }
 }

After “discard” is executed, the rule will continue until the end of the current event so “connection discarded …” will be logged.

Related Information¶

Valid Events:

ALL_EVENTS

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code:

Access Control Based On Network Or Host - This iRule allows administrators to allow or deny access to a virtual server based IP/networks and ports. This particular example is designed for use with an IP forwarding virtual server co…

Introduced: BIGIP-9.0.0
Introduced: GTM-9.2.2

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.