@wjn
Forked from stokito/firewall.user
Created July 9, 2021 20:00
OpenWrt: allow only Cloudflare to reach the HTTP (80) and HTTPS (443) ports. Use this if your uhttpd is hidden behind Cloudflare. Put this file at /etc/firewall.user. NOTE: it fetches the list of IPs over plain HTTP, because wget over HTTPS requires installing ca-certs. That leaves the download exposed to MITM attacks, but that is an acceptable trade-off for being protected from internet attackers.

```sh
# https://www.cloudflare.com/ips  (replace ips-v4 with ips-v6, and iptables with ip6tables, for IPv6)
# https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/
# Insert one ACCEPT rule per published Cloudflare range for every port Cloudflare proxies.
for ip in $(wget -qO- http://www.cloudflare.com/ips-v4); do
    iptables -I INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -s "$ip" -j ACCEPT
done
```
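A hardened variant of the loop above, added here as an example and not part of the gist: because the fetched list decides who is allowed in, each entry is validated as an IPv4 CIDR (rejecting junk and catch-all prefixes such as 0.0.0.0/0) before it is turned into a rule, and the rules are printed so they can be reviewed or dry-run. The live path assumes an HTTPS-capable wget and the ca-certificates package are installed; the sample list is constructed from documentation ranges, not Cloudflare's real list.

```sh
# Hardened variant of the gist's allowlist loop: validate every entry before it reaches iptables.
set -f  # no pathname expansion while splitting untrusted input

# Accept only an IPv4 CIDR such as 192.0.2.0/24; anything else returns 1.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    # A prefix shorter than /8 is far broader than any published CDN range; refuse it.
    [ "$bits" -ge 8 ] && [ "$bits" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read CIDRs from stdin and print one ACCEPT rule per valid entry (same ports as the gist).
# Printing instead of executing lets the caller review or dry-run the rules first.
cf_rules() {
    ports=80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880
    while IFS= read -r line; do
        if valid_cidr "$line"; then
            printf 'iptables -I INPUT -p tcp -m multiport --dports %s -s %s -j ACCEPT\n' "$ports" "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done
}

# Constructed sample list (documentation ranges, not Cloudflare's real list) for the dry run.
SAMPLE_LIST='192.0.2.0/24
0.0.0.0/0
not-an-address
198.51.100.0/24'

if [ "${CF_APPLY:-0}" = 1 ]; then
    # Live run: fetch over HTTPS (assumes an HTTPS-capable wget and the ca-certificates
    # package are installed, so the transfer is authenticated) and apply each rule.
    wget -qO- https://www.cloudflare.com/ips-v4 | cf_rules | sh
else
    # Dry run: show what would be applied for the constructed sample.
    printf '%s\n' "$SAMPLE_LIST" | cf_rules
fi
```

Run with `CF_APPLY=1` as root to apply the rules; without it the script only prints them.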