
Allow Cloudflare IPs in Firewall

This guide shows how to allow only Cloudflare IPs to access port 80 using IPTables (the script below also covers port 443).
Please make sure that all domains are already pointed to Cloudflare, or this guide will make your domains inaccessible.

Cloudflare IPs

1 – Create a new file to hold the firewall script:

# vi /root/firewall

2 – Paste this code into the file:

#!/bin/bash

set -x

# Allow your own IPs below
ALLOW_IP="192.168.1.0/24 127.0.0.1"

# Cloudflare IPs. The ranges change over time; check them against the
# Cloudflare IPs list referenced above before running.
CF_IP="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17 199.27.128.0/21 $ALLOW_IP"

# These rules are IPv4 only; IPv6 traffic needs equivalent ip6tables rules.
iptables -P INPUT ACCEPT
# Flush INPUT rules (this removes every existing rule in the INPUT chain)
iptables -F INPUT

# Accept connections to ports 80 and 443 from each address in $CF_IP
for ip in $CF_IP; do
    iptables -A INPUT -p tcp -s "$ip" -m multiport --dports 80,443 -j ACCEPT
done

# Drop all other connections to ports 80 and 443
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP

3 – Change the file permissions:

# chmod 755 /root/firewall

4 – Run the file:

# /root/firewall
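
After step 4 it is worth confirming that the INPUT chain contains exactly the intended rules. The following is an added example, not part of the original guide: a function (the name audit_web_rules is hypothetical) that reads `iptables -S INPUT` output and reports any ACCEPT rule for ports 80,443 whose source is not in the allow-list, any allow-list entry without a rule, and a missing final DROP. The sample rule listings are constructed and assume the rule format the script above produces.

```bash
#!/bin/bash
# Added example, not part of the original guide.
# Sample `iptables -S INPUT` output, constructed for this example.
SAMPLE_GOOD='-P INPUT ACCEPT
-A INPUT -s 103.21.244.0/22 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j DROP'
# Constructed: the same chain after a stray rule replaced the 127.0.0.1 entry.
SAMPLE_BAD='-P INPUT ACCEPT
-A INPUT -s 103.21.244.0/22 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j DROP'

# audit_web_rules "<allowed CIDRs>": reads `iptables -S INPUT` lines on stdin,
# prints one finding per line, returns 0 only if the chain matches the list.
audit_web_rules() {
    local want=" " have=" " line src ip dropped=0 bad=0
    # iptables prints a bare host as /32, so normalise the allow-list to match.
    for ip in $1; do
        case "$ip" in */*) ;; *) ip="$ip/32" ;; esac
        want="$want$ip "
    done
    while IFS= read -r line; do
        # Only rules written for the web ports are examined.
        case "$line" in *"--dports 80,443 -j "*) ;; *) continue ;; esac
        if [ "$dropped" -eq 1 ]; then
            echo "UNREACHABLE after DROP: $line"; bad=1; continue
        fi
        src=""
        case "$line" in *" -s "*) src=${line#*" -s "}; src=${src%% *} ;; esac
        case "$line" in
            *"-j DROP") if [ -z "$src" ]; then dropped=1; fi ;;
            *"-j ACCEPT")
                case "$want" in
                    *" $src "*) have="$have$src " ;;
                    *) echo "UNEXPECTED source '${src:-any}': $line"; bad=1 ;;
                esac ;;
        esac
    done
    if [ "$dropped" -eq 0 ]; then echo "MISSING final DROP for 80,443"; bad=1; fi
    for ip in $want; do
        case "$have" in *" $ip "*) ;; *) echo "MISSING allow rule for $ip"; bad=1 ;; esac
    done
    return "$bad"
}

# Demo on the constructed bad sample; on a host: iptables -S INPUT | audit_web_rules "$CF_IP"
printf '%s\n' "$SAMPLE_BAD" | audit_web_rules "103.21.244.0/22 127.0.0.1" \
    || echo "INPUT chain does not match the allow-list"
```

The audit only examines rules written with `--dports 80,443`; broader ACCEPT rules elsewhere in the chain are outside what it checks.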