beliar34
If somebody is using Cloudflare and wants to block direct IP access to his webpage (allow access only through Cloudflare):
Bash:
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
# Allow HTTP/HTTPS from every published Cloudflare range.
# curl -f fails on an HTTP error instead of feeding an error page to the loop; -sS hides the progress meter but keeps errors.
for i in $(curl -fsS https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
for i in $(curl -fsS https://www.cloudflare.com/ips-v6); do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
# Drop HTTP/HTTPS from everyone else (-A appends, so these are evaluated after the ACCEPT rules above).
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
But remember: if you restart your machine, iptables will probably be flushed, so you need to save those rules permanently.
There is a tutorial on how to do it: TUTORIAL
If you want to allow IPs other than Cloudflare's to access the website directly, just do:
iptables -I INPUT -p tcp -m multiport --dports http,https -s IPADDRESS -j ACCEPT
ip6tables -I INPUT -p tcp -m multiport --dports http,https -s IPADDRESS -j ACCEPT
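A more defensive variant of the loops in the post above, as an added example that is not part of the original post: it validates the downloaded list and builds the whole rule set before loading it, so an empty or garbled download never leaves only the DROP rule in place, and re-running it does not stack duplicate rules. The chain name CF-WEB, the function names and the sample ranges are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. CHAIN and SAMPLE are assumptions.
CHAIN=CF-WEB   # hypothetical dedicated chain for web traffic
SAMPLE='192.0.2.0/24
198.51.100.0/24'   # constructed documentation ranges, not Cloudflare's

# valid_cidr FAMILY STRING: shape check only, so an HTML error page or a
# truncated download is never turned into firewall rules.
valid_cidr() {
    case $1 in
        4) re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ;;
        6) re='^[0-9A-Fa-f:]+/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$' ;;
        *) return 2 ;;
    esac
    printf '%s\n' "$2" | grep -Eq "$re"
}

# build_rules FAMILY: read ranges on stdin, print iptables-restore input.
# Prints nothing and returns 1 if the list is empty or has a bad entry,
# so the final DROP is never emitted without the ACCEPT rules before it.
build_rules() {
    family=$1 body='' count=0
    while IFS= read -r r || [ -n "$r" ]; do
        [ -n "$r" ] || continue
        valid_cidr "$family" "$r" || { echo "bad entry: $r" >&2; return 1; }
        body="${body}-A $CHAIN -s $r -j ACCEPT
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "empty list, nothing built" >&2; return 1; }
    printf '*filter\n:%s - [0:0]\n%s-A %s -j DROP\nCOMMIT\n' "$CHAIN" "$body" "$CHAIN"
}

# apply (needs root): build both rule sets first, then load them. With --noflush
# only the chain declared in the input is replaced; other rules stay untouched.
apply() {
    v4=$(curl -fsS https://www.cloudflare.com/ips-v4 | build_rules 4) || return 1
    v6=$(curl -fsS https://www.cloudflare.com/ips-v6 | build_rules 6) || return 1
    printf '%s\n' "$v4" | iptables-restore --noflush || return 1
    printf '%s\n' "$v6" | ip6tables-restore --noflush || return 1
    for ipt in iptables ip6tables; do   # hook the chain once (-C tests for the rule)
        $ipt -C INPUT -p tcp -m multiport --dports http,https -j "$CHAIN" 2>/dev/null ||
            $ipt -I INPUT -p tcp -m multiport --dports http,https -j "$CHAIN"
    done
}

# Dry run on the constructed sample by default; pass "apply" to change the firewall.
if [ "${1:-}" = apply ]; then apply; else printf '%s\n' "$SAMPLE" | build_rules 4; fi
```

ACCEPT rules for extra addresses, like the IPADDRESS ones in the post, have to sit above the jump to CF-WEB in INPUT, so insert them after the chain has been hooked.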