Skip to content

Instantly share code, notes, and snippets.

@campones
Forked from Manouchehri/cloudflare.sh
Created August 13, 2023 08:00
Show Gist options
  • Save campones/1cd754dd8463e75d5a5a71dcff344e27 to your computer and use it in GitHub Desktop.
Save campones/1cd754dd8463e75d5a5a71dcff344e27 to your computer and use it in GitHub Desktop.
Allow CloudFlare only
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
# WARNING: This does NOT block Cloudflare's clients from accessing your website over HTTP or HTTPS with a Cloudflare Worker.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment