ACL rule not working for TCP mode


#1

I tried to enable blocking for incoming source IPs in TCP mode. I used the config below in my setup, but it's not working. I'm not sure whether anything is wrong in the configuration. Could someone please help me with this?

HAProxy version 1.6.5

Mode : TCP

frontend localtcp8089
    bind 10.11.13.20:8089
    acl blocklist src 10.11.12.13
    tcp-request connection reject if blocklist
    use_backend localapp1

#2

Hmmm, it looks OK to me. How are you testing/confirming that it fails?

Also, this might be a bit clearer:

tcp-request connection reject if { src 10.11.12.13 }
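
One way to confirm from the client side whether the reject rule is taking effect, as an added example that is not part of either post: `probe` opens a TCP connection from a chosen source address and reports whether the peer dropped it at once. The helper names, the stand-in listener and the loopback addresses are constructed for the demo and are assumptions, not HAProxy code.

```python
import socket
import threading

def probe(dst_ip, dst_port, src_ip=None, timeout=2.0):
    """Classify one TCP attempt as 'rejected', 'accepted' or 'unreachable'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if src_ip:
            s.bind((src_ip, 0))  # pick the source address the ACL should match
        s.connect((dst_ip, dst_port))
    except OSError:
        s.close()
        return "unreachable"  # no handshake: wrong address, firewall, no listener
    try:
        # An immediate EOF or reset is what a connection-level reject looks like
        # to the client. A backend that hangs up at once looks the same.
        return "accepted" if s.recv(1) else "rejected"
    except socket.timeout:
        return "accepted"  # still open, the peer has just not sent anything
    except ConnectionResetError:
        return "rejected"
    finally:
        s.close()

def start_standin(bind_ip, blocked_src):
    """Constructed stand-in listener (not HAProxy): drops peers from blocked_src."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_ip, 0))
    srv.listen(8)

    def loop():
        while True:
            conn, (peer_ip, _port) = srv.accept()
            if peer_ip != blocked_src:
                conn.sendall(b"ok\n")
            conn.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed loopback addresses so the demo runs offline (Linux loopback).
    port = start_standin("127.0.0.1", blocked_src="127.0.0.2")
    for src in ("127.0.0.2", "127.0.0.1"):
        print(src, "->", probe("127.0.0.1", port, src_ip=src))
```

Against the setup in the question, `probe("10.11.13.20", 8089)` would be run once on the 10.11.12.13 host and once on another host; if the rule is in effect the first returns `rejected` and the second `accepted`.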