Block IPs using data group and irule

1) Create a data group

Local Traffic > Virtual Servers > iRules > Data Group List

Create data group with Type Address

Add IP address to IP field and provide description in the value field

You can add a list of IP addresses to be blocked.

2) Create an iRule

when HTTP_REQUEST {

 foreach allxforwardvalues [HTTP::header values X-Forwarded-For] {

  foreach destip [split [string map {" " ""} $allxforwardvalues] ","] {

if { [class match -- $destip equals ip_blacklist] } {  

     reject

     event disable all

     return

   }

  }

 }

}

3) Add the iRule to virtual  ip

tcpdump

tcpdump -ni 0.0:nnn -s0 host x.x.x.x and host y.y.y.y -w /var/tmp/tdump1cap