@stokito
Forked from Manouchehri/cloudflare.sh
Last active January 7, 2024 22:06
OpenWrt: allow only CloudFlare to access the HTTP (80) and HTTPS (443) ports. Use this if your uhttpd is hidden behind CF. Put this file at /etc/firewall.user. NOTE: it fetches the list of IPs over HTTP, because wget over HTTPS would require installing ca-certs. This makes you vulnerable to MITM attacks, but that is acceptable in exchange for protection from the Internet's hackers.

```sh
# https://www.cloudflare.com/ips (replace ips-v4 with ips-v6 if needed)
# https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/
# Fetch Cloudflare's published IPv4 ranges and allow each of them to reach
# the ports Cloudflare's proxy can forward to.
for ip in $(wget -qO- http://www.cloudflare.com/ips-v4); do
    iptables -I INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -s "$ip" -j ACCEPT
done
```
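A hardened variant of the allowlist, added here as an example (not the gist's own code): it fetches the list over HTTPS, validates every entry before it becomes a rule so a tampered or malformed list cannot open the ports to arbitrary sources, and ends in a DROP for everything that is not Cloudflare. It assumes a wget/uclient-fetch built with TLS plus an installed CA bundle, an iptables that supports multiport and -C, and the names cf_in, apply_allowlist, attach_chain and IPT are this example's own; the same treatment applies to ip6tables with ips-v6.

```sh
# Hardened allowlist for /etc/firewall.user (added example, not the gist's code).
# Assumptions: wget/uclient-fetch built with TLS plus a CA bundle, and an
# iptables that supports multiport and -C (check). IPT=echo gives a dry run;
# the chain name cf_in is this example's choice.
CF_PORTS="80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880"
CF_V4_URL="https://www.cloudflare.com/ips-v4"
IPT="${IPT:-iptables}"
# Accept only a well-formed IPv4 CIDR: four octets 0-255, prefix 8-32. The /8
# floor is a sanity check so an injected 0.0.0.0/0 can never open the ports to
# everyone; every range Cloudflare publishes is far narrower than that.
is_ipv4_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots and '/' only
    addr="${1%%/*}"; plen="${1#*/}"
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac  # catches a missing or second '/'
    [ "$plen" -ge 8 ] && [ "$plen" -le 32 ] || return 1
    old_ifs="$IFS"; IFS=.; set -- $addr; IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}
# Read CIDRs from stdin into a dedicated chain that ends in DROP, so non-Cloudflare
# sources hitting the proxied ports are refused. Returns 1 if any line was
# rejected, so the caller can treat the whole list as tainted and not attach it.
apply_allowlist() {
    bad=0
    $IPT -N cf_in 2>/dev/null || $IPT -F cf_in
    while read -r net || [ -n "$net" ]; do
        [ -n "$net" ] || continue
        if is_ipv4_cidr "$net"; then
            $IPT -A cf_in -s "$net" -j ACCEPT
        else
            echo "allowlist: rejected entry '$net'" >&2
            bad=$((bad + 1))
        fi
    done
    $IPT -A cf_in -j DROP
    [ "$bad" -eq 0 ]
}
# Route the Cloudflare-proxied ports through the chain, inserting the jump once.
attach_chain() {
    $IPT -C INPUT -p tcp -m multiport --dports "$CF_PORTS" -j cf_in 2>/dev/null ||
        $IPT -I INPUT -p tcp -m multiport --dports "$CF_PORTS" -j cf_in
}
# Guarded so the functions can be sourced and tested; run with --apply to install.
if [ "${1:-}" = "--apply" ]; then
    wget -qO- "$CF_V4_URL" | apply_allowlist && attach_chain
fi
```

Run it with `IPT=echo sh firewall.user --apply` first to see the rules it would install without touching the live firewall.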
@stokito
Author

stokito commented May 11, 2019

The HTTP ports that Cloudflare supports are:
80
8080
8880
2052
2082
2086
2095

The HTTPS ports that Cloudflare supports are:
443
2053
2083
2087
2096
8443

https://support.cloudflare.com/hc/en-us/articles/200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy

@thyagosiqueira

@stokito thanks also for the script; I will implement it in my Padavan firmware (Xiaomi router 3G).

@stokito
Author

stokito commented Aug 27, 2020

Well, just recently CL disabled the raw HTTP list. Now we have to fetch it via HTTPS.

@stokito
Author

stokito commented Aug 29, 2020

@thecarl0s

thecarl0s commented May 30, 2021

Blocks the connection on the ports:

```sh
# Append a default DROP for the Cloudflare-proxied ports (IPv4 and IPv6),
# so only the ACCEPT rules inserted above let traffic through.
iptables -A INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -j DROP
```
