ltm rule command MQTT drop
iRule(1) BIG-IP TMSH Manual iRule(1)
MQTT::drop
Drop the current MQTT message.
SYNOPSIS
MQTT::drop
DESCRIPTION
This command can be used to drop the current MQTT message. The MQTT message will not be forwarded to its destination. This
command is valid for all MQTT message types.
Syntax
MQTT::drop
RETURN VALUE
None.
VALID DURING
MQTT_CLIENT_INGRESS MQTT_SERVER_INGRESS MQTT_CLIENT_DATA MQTT_SERVER_DATA
EXAMPLES
#Enrich MQTT username with SSL client-certificate common name, reject unauthorized accesses:
when CLIENT_ACCEPTED {
set cn ""
}
when CLIENTSSL_CLIENTCERT {
set cn [ lindex [ split [lindex [ split [X509::subject [SSL::cert 0]] "," ] 0 ] "=" ] 1 ]
log local0. "Client Cert Common Name: $cn"
}
when MQTT_CLIENT_INGRESS {
if {[MQTT::type] == "CONNECT"} {
if {$cn == ""} {
MQTT::drop
MQTT::respond type CONNACK return_code 5
} else {
set user [MQTT::username]
MQTT::username "$cn:$user"
}
}
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-13.0.0 --First introduced the command.
BIG-IP 2022-04-12 iRule(1)