```sh
# Allow HTTP/HTTPS only from Cloudflare's published IPv4 ranges
for i in $(curl -fsS https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# Same for Cloudflare's published IPv6 ranges
for i in $(curl -fsS https://www.cloudflare.com/ips-v6); do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
```
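An added example, not part of the gist: the loop above still appends the DROP rules when the download fails or returns something other than CIDRs, and re-running it stacks duplicate rules. This sketch validates the IPv4 list first and emits an `iptables-restore` fragment for a dedicated chain (IPv6 would need the same treatment with `ip6tables-restore`); the chain name `CF-WEB`, the function names, the `/run/cf-web.rules` path and the sample ranges are assumptions.

```sh
#!/bin/sh
# Added example, not the gist's code. CF-WEB and the function names are assumptions.

# Return 0 only if $1 is a syntactically valid IPv4 CIDR (a.b.c.d/0-32).
valid_cidr4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# Read one CIDR per line on stdin and print an iptables-restore fragment.
# Prints nothing and returns 1 if the list is empty or any line is invalid,
# so a failed download can never leave a DROP-only ruleset behind.
build_ruleset() {
    rules='' count=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        valid_cidr4 "$line" || { echo "rejected: bad entry '$line'" >&2; return 1; }
        rules="${rules}-A CF-WEB -s ${line} -j ACCEPT
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "rejected: empty list" >&2; return 1; }
    # Declaring the chain makes `iptables-restore --noflush` flush only CF-WEB,
    # so a refresh replaces the old ranges instead of stacking duplicates.
    printf '*filter\n:CF-WEB - [0:0]\n%s-A CF-WEB -j DROP\nCOMMIT\n' "$rules"
}

# Constructed sample input (documentation ranges, not Cloudflare's real list).
SAMPLE_LIST='192.0.2.0/24
198.51.100.0/24'
printf '%s\n' "$SAMPLE_LIST" | build_ruleset

# On a real host (as root), apply only if validation passed:
#   curl -fsS https://www.cloudflare.com/ips-v4 | build_ruleset > /run/cf-web.rules \
#     && iptables-restore --noflush < /run/cf-web.rules
# and hook the chain into INPUT once:
#   iptables -C INPUT -p tcp -m multiport --dports http,https -j CF-WEB 2>/dev/null \
#     || iptables -I INPUT -p tcp -m multiport --dports http,https -j CF-WEB
```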
I adapted the script to OpenWrt: https://gist.github.com/stokito/4dcf7d5610e563f3693ce9ff0ce8719d
In moments of attack I did not know that Cloudflare was releasing traffic to the server. I would appreciate reports.
In their latest post on attacks, they comment on maintaining site protection on free accounts, even large-scale ones: https://blog.cloudflare.com/mitigating-a-754-million-pps-ddos-attack-automatically/
Here https://www.cloudflare.com/ips/ it is said that the list was updated only once, on Oct 1, 2020.
So the file was updated yesterday and it will expire in a year (31536000 seconds).