ltm rule event FLOW INIT
iRule(1) BIG-IP TMSH Manual iRule(1)
FLOW_INIT
Triggered (once for TCP and unique UDP/IP flows) after packet filters.
DESCRIPTION
This is triggered (once for TCP and unique UDP/IP flows) after packet filters, but before any AFM and TMM work occurs. The
use cases for this event are:
Override ACL action
Bandwidth control on both client/server flows
Routing to another Vip
Marking qos tos/dscp on both client/server flows
Commands supported within this new event:
log
drop
reject
node (host ip address)
virtual (virtual server name)
pool (pool name)
TCP::close
TCP::respond
IP::client_addr
IP::local_addr
IP::tos
IP::ttl
IP::version
ACL::action
Examples
Allow US/Canada users, drop Great Brittain, Reject all others.
when FLOW_INIT {
set ipaddr [IP::client_addr]
set locale [whereis $ipaddr country]
log local0. "IP Address/Counry $ipaddr/$locale"
switch $locale {
"US" -
"CA" { return }
"GB" { ACL::action drop }
default { ACL::action reset }
}
}
Allow traffic from 172.29.97.151 and forward to vip /Common/my_http_vs
when FLOW_INIT {
if { [IP::addr [IP::client_addr] equals 172.29.97.151] } {
ACL::action allow
virtual /Common/my_http_vs
log "FLOW_INIT: ACL allow to /Common/my_http_vs"
}
}
HINTS
Note: Static:: variables and Datagroups have been tested successfully under 11.5.1/11.6.0. Under 11.5.0, tables silently
fail.
SEE ALSO
CHANGE LOG
@BIGIP-11.4.1 --First introduced the event.
BIG-IP 2022-04-12 iRule(1)