Forked from stokito/firewall.user
Created Jul 9, 2021
OpenWrt: Allow only CloudFlare to access HTTP 80 and HTTPS 443 ports. Use this if your uhttpd is hidden behind CF. Put this file in /etc/firewall.user. NOTE: It fetches the list of IPs over plain HTTP, because wget over HTTPS requires installing ca-certs. This makes you vulnerable to MiTM attacks, but that's OK for being protected from the internet's hackers.
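# replace the ips-v4 with ips-v6 if needed
# The list URL is missing from this copy of the gist; Cloudflare's published plain-HTTP list is assumed here.
CF_IPS_URL="http://www.cloudflare.com/ips-v4"
for ip in $(wget -qO- "$CF_IPS_URL"); do
  iptables -I INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -s "$ip" -j ACCEPT
done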
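Because the list arrives over plain HTTP, every entry is untrusted input to `iptables`. The following is an added example, not part of the original gist: it checks that each line is a well-formed IPv4 CIDR no broader than an assumed limit and refuses the whole list otherwise. `MIN_PREFIX`, `is_safe_cidr`, `filter_cidrs` and `LIST_URL` are hypothetical names, and the sample addresses in the comments are constructed.

```shell
#!/bin/sh
# Added example: vet a downloaded CIDR list before it becomes ACCEPT rules.
MIN_PREFIX=12   # assumption: nothing broader than a /12 is expected; adjust to the real list

is_safe_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac      # digits, dots and slash only
    addr=${1%/*}; len=${1#*/}
    [ "$addr/$len" = "$1" ] || return 1               # exactly one slash
    case "$addr" in .*|*.|*..*) return 1 ;; esac      # no empty octets
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac # prefix is 1-2 digits
    [ "$len" -ge "$MIN_PREFIX" ] || return 1          # rejects 0.0.0.0/0 and other wide nets
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                                      # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Reads one entry per line on stdin and prints the list only if every entry
# passes; one bad entry or an empty download fails the whole list.
filter_cidrs() {
    good=""; count=0
    while read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        if is_safe_cidr "$entry"; then
            good="$good$entry
"
            count=$((count + 1))
        else
            echo "rejected entry: $entry" >&2
            return 1
        fi
    done
    [ "$count" -gt 0 ] || { echo "empty list" >&2; return 1; }
    printf '%s' "$good"
}

# On the router (not executed here), with LIST_URL as the fetch URL:
#   list=$(wget -qO- "$LIST_URL" | filter_cidrs) || exit 1
#   for ip in $list; do iptables -I INPUT -p tcp -m multiport --dports 80,443 -s "$ip" -j ACCEPT; done
```

This only bounds what a tampered response can open; it does not authenticate the list, which still requires fetching over HTTPS with ca-certs installed.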