Carlos thecarl0s
thecarl0s
/ firewall.user
Created
May 30, 2021 11:45
— forked from stokito/firewall.user
OpenWrt: Allow only CloudFlare to access HTTP 80 and HTTPS 443 ports. Use if your uhttpd is hidden behind CF. Put this file to /etc/firewall.user. NOTE: It uses HTTP to get the list of IPs because to wget via https we need to install ca-certs. This makes you vulnerable to MiTM attacks but that's ok to be protected from internet's hackers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://www.cloudflare.com/ips replace the ips-v4 with ips-v6 if needed | |
| # https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/ | |
| for ip in `wget -qO- http://www.cloudflare.com/ips-v4`; do | |
| iptables -I INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -s $ip -j ACCEPT | |
| done |