# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
# Allow HTTP/HTTPS only from Cloudflare's published ranges (-f makes curl fail on an HTTP error instead of returning the error page)
for i in $(curl -fsS https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
for i in $(curl -fsS https://www.cloudflare.com/ips-v6); do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
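
An added example (not the gist author's code) of a refresh-safe variant for the IPv4 half: the script above still appends the DROP rule when `curl` returns nothing, and every re-run stacks duplicate ACCEPT rules. This version validates the list first and replaces a dedicated chain in one `iptables-restore` commit; the chain name `CF-WEB` and the `--apply` switch are assumptions.

```shell
#!/bin/sh
# Added example, not the gist author's code. CHAIN is a hypothetical name.
CHAIN="CF-WEB"
LIST_URL="https://www.cloudflare.com/ips-v4"
MATCH="-p tcp -m multiport --dports http,https"

# stdin: one IPv4 CIDR per line. stdout: iptables-restore input for $CHAIN.
# Exits non-zero with no output if the list is empty or any line is not a
# valid CIDR (for example an HTML error page returned instead of the list).
build_rules() {
  awk -v chain="$CHAIN" '
    /^[ \t]*$/ { next }
    !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { bad = 1; exit }
    {
      split($0, p, "[./]")
      for (k = 1; k <= 4; k++) if (p[k] > 255) { bad = 1; exit }
      if (p[5] > 32) { bad = 1; exit }
      rule[++n] = "-A " chain " -s " $0 " -j ACCEPT"
    }
    END {
      if (bad || n == 0) exit 1
      print "*filter"
      print ":" chain " - [0:0]"
      for (k = 1; k <= n; k++) print rule[k]
      print "-A " chain " -j DROP"
      print "COMMIT"
    }'
}

# Fetch, validate, then swap the chain contents; any failure leaves the
# currently loaded rules untouched.
refresh() {
  list=$(curl -fsS --max-time 20 "$LIST_URL") || { echo "fetch failed, rules unchanged" >&2; return 1; }
  rules=$(printf '%s\n' "$list" | build_rules) || { echo "list rejected, rules unchanged" >&2; return 1; }
  # --noflush keeps the rest of the filter table; re-declaring the user
  # chain empties it, so old ranges are replaced in the same commit.
  printf '%s\n' "$rules" | iptables-restore --noflush || return 1
  # Hook the chain into INPUT only if the jump is not already there.
  iptables -C INPUT $MATCH -j "$CHAIN" 2>/dev/null || iptables -I INPUT $MATCH -j "$CHAIN"
}

# Only touches the firewall when called as: sh script.sh --apply (as root)
if [ "${1:-}" = "--apply" ]; then refresh; fi
```

The IPv6 half follows the same pattern with `ips-v6`, `ip6tables-restore` and an IPv6 prefix check.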
Great job. Works like a charm!
Congratulations on the solution, I already used the for to block IPs, now the curl. Thanks for sharing.
@stokito thanks also for the script, I will implement it in my Padavan firmware!
In moments of attack I did not know that Cloudflare was releasing traffic to the server. I would like to appreciate reports. In their latest post on attacks, they comment on maintaining site protection on free accounts, even large-scale ones: https://blog.cloudflare.com/mitigating-a-754-million-pps-ddos-attack-automatically/
Maybe use
How often should this script refresh?
Here https://www.cloudflare.com/ips/ it is said that the list was updated only once, on Oct 1, 2020.
So the file was updated yesterday and it will expire in a year (31536000 seconds).
I adapted the script to OpenWrt https://gist.github.com/stokito/4dcf7d5610e563f3693ce9ff0ce8719d