ltm rule command ACL action
iRule(1) BIG-IP TMSH Manual iRule(1)
ACL::action
Sets or retrieves the current ACL action.
SYNOPSIS
ACL::action (default | drop | reset | allow | allow-final | staged)?
DESCRIPTION
The ACL::action command allows you to determine the ACL action in the
FLOW_INIT event. This command requires the Advanced Firewall Manager
module.
Syntax
ACL::action
  * without providing an action, the command will return an integer
    value corresponding to an action that will be taken
      + 0 is a drop
      + 1 is reset (or reject)
      + 2 is allow (or accept)
      + 3 is allow-final (or accept-decisively)
ACL::action [default | drop | reset | allow | allow-final]
  * sets the action to take on the ACL this rule is applied to. This
    command does not return a value.
      + default - takes the default action on the ACL within the
        current context, effectively skipping any defined rules
      + drop - drops the connection
      + reset - resets the connection
      + allow - allows the connection and proceeds to the next ACL
      + allow-final - allows the connection and bypasses further ACL
        processing
      + staged - retrieves the current staged action
If the ACL action is modified, running ACL::action will return the new
action to be taken.
RETURN VALUE
When no argument is provided, the command will return an integer value
corresponding to an action that will be taken:
  + 0 is a drop
  + 1 is reset (or reject)
  + 2 is allow (or accept)
  + 3 is allow-final (or accept-decisively)
VALID DURING
EXAMPLES
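    # Geolocation policy: leave the ACL verdict untouched for US and CA,
    # drop flows from GB, and reset flows from every other country.
    when FLOW_INIT {
        set ipaddr [IP::client_addr]
        set locale [whereis $ipaddr country]
        log local0. "IP Address/Country $ipaddr/$locale"
        switch $locale {
            "US" -
            "CA" { return }
            "GB" { ACL::action drop }
            default { ACL::action reset }
        }
    }

    # Allow one specific client address and steer its flow to a
    # particular virtual server.
    when FLOW_INIT {
        if { [IP::addr [IP::client_addr] equals 172.29.97.151] } {
            ACL::action allow
            virtual /Common/my_http_vs
            log "FLOW_INIT: ACL allow to /Common/my_http_vs"
        }
    }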
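The following is an added example, not part of the F5 manual. It reads the numeric return value, overrides the verdict only in the restrictive direction, and reads the value back to log the change for audit. The address data group /Common/blocked_clients_dg is a hypothetical name and is assumed to exist on the system.

```tcl
# Added example, not from the F5 manual.
# /Common/blocked_clients_dg is a hypothetical address-type data group.
when FLOW_INIT {
    # Integer codes as documented under RETURN VALUE.
    array set verdict_name {0 drop 1 reset 2 allow 3 allow-final}

    # Read the action the ACL would take before this iRule changes anything.
    set before [ACL::action]
    set client [IP::client_addr]

    # Name to use in log lines; fall back to the raw code if it is not
    # one of the four documented values.
    if { [info exists verdict_name($before)] } {
        set before_name $verdict_name($before)
    } else {
        set before_name "code $before"
    }

    # Only tighten: override an allow (2) or allow-final (3) verdict when
    # the client is listed in the data group. Never turn a drop or reset
    # into an allow from this rule.
    if { ($before == 2 || $before == 3) &&
         [class match $client equals /Common/blocked_clients_dg] } {
        ACL::action drop

        # After a modification, ACL::action returns the new action,
        # so the read-back confirms the override took effect.
        set after [ACL::action]
        log local0.warning "FLOW_INIT: $client ACL verdict $before_name overridden, now code $after"
        return
    }

    # No override: record the verdict the ACL reached on its own.
    log local0.info "FLOW_INIT: $client ACL verdict $before_name"
}
```

Logging both the original and the overriding verdict keeps a record of every flow where the iRule, rather than the firewall policy, made the final decision.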
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-11.4.1 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)