
Allow Cloudflare IPs in Firewall

This guide shows how to allow only Cloudflare IPs to reach ports 80 and 443 using iptables.
Please make sure that all domains are already pointed to Cloudflare, or this guide will make your domains inaccessible.

Cloudflare IPs

1 – Create a new file to be your new firewall:-

#vi /root/firewall

2 – Paste this code into the file:-

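#!/bin/bash

# Print each command as it runs
set -x

# Your own IPs that must keep access to ports 80 and 443 (edit to suit)
ALLOW_IP="192.168.1.0/24 127.0.0.1"

# Cloudflare IPv4 ranges, followed by your own IPs.
# Check these against the list Cloudflare currently publishes before running.
CF_IP="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17 199.27.128.0/21 $ALLOW_IP"

# Default INPUT policy stays ACCEPT; only ports 80 and 443 are restricted below.
# These rules are IPv4 only; ip6tables is not touched.
iptables -P INPUT ACCEPT
# Flush INPUT rules (this removes every existing rule in the INPUT chain)
iptables -F INPUT

# Accept connections to ports 80 and 443 from each address in $CF_IP
for ip in $CF_IP; do
    iptables -A INPUT -p tcp -s "$ip" -m multiport --dports 80,443 -j ACCEPT
done

# Drop all other connections to ports 80 and 443
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP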

3 – Change the file permission:-

#chmod 755 /root/firewall

4 – Run the file:-

#/root/firewall
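
An added example (not part of the original guide): the hard-coded CF_IP list goes stale whenever Cloudflare changes its ranges, so this read-only check compares it with a saved copy of the published list and flags any entry that is not a plain IPv4 CIDR before it could reach iptables. The function names and SAMPLE_PUBLISHED are constructed for illustration; in practice the second argument would be the contents of Cloudflare's published IPv4 list (https://www.cloudflare.com/ips-v4).

```bash
#!/bin/bash
# Added example: audit the guide's hard-coded CF_IP list. It never calls iptables.
set -f  # never glob-expand list entries

# Cloudflare ranges exactly as hard-coded in the guide (without $ALLOW_IP).
CF_IP="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17 199.27.128.0/21"

# Constructed stand-in for a downloaded list (NOT Cloudflare's real list): the
# guide's list minus its last entry, plus a documentation range and a bad line.
SAMPLE_PUBLISHED="${CF_IP% *}
198.51.100.0/24
203.0.113.999/24"

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    addr=${1%%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# in_list ENTRY "LIST": exact textual match in a whitespace-separated list.
in_list() { for item in $2; do [ "$item" = "$1" ] && return 0; done; return 1; }

# diff_list LABEL "A" "B": print "invalid X" for entries of A that are not an
# IPv4 CIDR, and "LABEL X" for valid entries of A that do not appear in B.
# The comparison is textual: a range that was split or merged shows up as a change.
diff_list() {
    for entry in $2; do
        if ! valid_cidr "$entry"; then echo "invalid $entry"
        elif ! in_list "$entry" "$3"; then echo "$1 $entry"; fi
    done
}

# stale = allowed by the script but not published; missing = published but dropped.
audit_list() { diff_list stale "$1" "$2"; diff_list missing "$2" "$1"; }

audit_list "$CF_IP" "$SAMPLE_PUBLISHED"
```

A "stale" entry is the one to act on first, since the firewall would still accept traffic from a range that is no longer on the published list.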