Allow CloudFlare IP addresses with ipset

IP sets are a framework inside the Linux kernel that is administered with the ipset utility. Depending on its type, an IP set can store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names, or combinations of these, in a structure that makes matching an entry against the set very fast.

To allow all Cloudflare IPv4 addresses on the HTTP and HTTPS ports, you can use:

apt install ipset
ipset create cf4 hash:net
for x in $(curl -fsS https://www.cloudflare.com/ips-v4); do ipset add cf4 "$x"; done
iptables -A INPUT -m set --match-set cf4 src -p tcp -m multiport --dports http,https -j ACCEPT
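
The loop above adds whatever the download returns, and every entry becomes a source that the ACCEPT rule trusts. The following is an added example, not code from the original post: it validates each line as an IPv4 CIDR and emits an `ipset restore` script that fills a scratch set and swaps it into cf4, which goes beyond the one-time setup shown here. The function names and the cf4_new scratch set are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names and the cf4_new scratch set are assumptions.

# is_ipv4_cidr STR: succeed only for a.b.c.d/len, octets 0-255, len 0-32.
is_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1##*/}
    case "$len" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    # Digits and dots only: also keeps glob characters out of the split below.
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# build_restore SET: read a CIDR list on stdin, print an `ipset restore`
# script that fills SET_new and swaps it into SET. Any bad line or an empty
# list fails the whole run and prints nothing on stdout (fail closed).
build_restore() {
    set_name=$1
    tmp="${set_name}_new"
    body=""
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        is_ipv4_cidr "$line" || { printf 'bad entry: %s\n' "$line" >&2; return 1; }
        body="${body}add ${tmp} ${line}
"
    done
    [ -n "$body" ] || { echo "empty list" >&2; return 1; }
    printf 'create %s hash:net\ncreate %s hash:net\nflush %s\n' \
        "$set_name" "$tmp" "$tmp"
    printf '%sswap %s %s\ndestroy %s\n' "$body" "$tmp" "$set_name" "$tmp"
}

# Constructed sample (RFC 5737 documentation ranges, not Cloudflare's list).
sample_list() { printf '192.0.2.0/24\n198.51.100.0/24\n'; }
sample_list | build_restore cf4

# Live use, as root:
#   curl -fsS https://www.cloudflare.com/ips-v4 | build_restore cf4 | ipset -exist restore
```

Because the swap replaces the set's contents in one step, the existing iptables rule keeps matching throughout the refresh, and a rejected download leaves the current cf4 untouched.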
