Allow Cloudflare IPs in Firewall

This guide shows you how to allow only Cloudflare IPs to reach your web ports (80 and 443) using iptables.
Make sure that all of your domains are already pointed to Cloudflare before you start, or this guide will make your domains inaccessible.

1 – Create a new file to be your new firewall:-

#vi /root/firewall

2 – Paste this code into the file:-

#!/bin/bash

set -x

# ALLOW YOUR IP BELOW
ALLOW_IP="192.168.1.0/24 127.0.0.1"

# CLOUDFLARE IP
# This list changes over time; compare it with https://www.cloudflare.com/ips-v4 before use.
CF_IP="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17 199.27.128.0/21 $ALLOW_IP"

# SET THE DEFAULT INPUT POLICY TO ACCEPT
iptables -P INPUT ACCEPT

# FLUSH INPUT RULES (this removes every existing rule in the INPUT chain)
iptables -F INPUT

# ACCEPT CONNECTION TO PORT 80 AND 443 BASED ON $CF_IP
for ip in $CF_IP; do
    iptables -A INPUT -p tcp -s "$ip" -m multiport --dports 80,443 -j ACCEPT
done

# DROP CONNECTION TO PORT 80 AND 443
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP

3 – Change the file permission:-

#chmod 755 /root/firewall

4 – Run the file:-

#/root/firewall
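
A check to run after step 4, added here as an example (it is not part of the original guide): it audits `iptables -S INPUT` output for the rule layout the script is meant to produce. The function name, the finding labels and the sample listing (constructed, using the documentation address 203.0.113.7) are assumptions, as is the `-A INPUT -s <source> ... --dports 80,443 -j ACCEPT` line format printed by `iptables -S`.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output read on stdin.
# $1 = space-separated sources that are supposed to reach ports 80/443.
# Prints one finding per line and returns 0 only when there are none.
audit_web_rules() (
    expected=" $1 "; seen_drop=0; findings=0
    while IFS= read -r line; do
        case $line in *"--dports 80,443"*) ;; *) continue ;; esac
        case $line in
            *"-j DROP"*) seen_drop=1; continue ;;
            *"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        if [ "$seen_drop" -eq 1 ]; then
            echo "ACCEPT AFTER DROP: $line"; findings=$((findings + 1))
        fi
        src=""
        set -f; set -- $line; set +f      # split the rule into words
        while [ $# -gt 1 ]; do
            [ "$1" = "-s" ] && src=$2     # the word after -s is the source
            shift
        done
        case $src in
            "") echo "NO SOURCE RESTRICTION: $line"; findings=$((findings + 1)) ;;
            *)  case $expected in
                    *" $src "*|*" ${src%/32} "*) ;;   # -S prints hosts as a.b.c.d/32
                    *) echo "UNEXPECTED SOURCE $src: $line"; findings=$((findings + 1)) ;;
                esac ;;
        esac
    done
    if [ "$seen_drop" -eq 0 ]; then
        echo "MISSING DROP for ports 80,443"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
)

# Constructed listing with three problems (not captured from a real server).
sample_bad() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 103.21.244.0/22 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
EOF
}

sample_bad | audit_web_rules "103.21.244.0/22 127.0.0.1" || echo "audit failed"
```

On the server, pipe `iptables -S INPUT` into `audit_web_rules` and pass it the same ranges that are in CF_IP.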
