Allow CloudFlare IP addresses with ipset
To list
ipset list ipset list -n -t ipset list -n ipset list -t
Allow CloudFlare IP addresses with ipset
To list
ipset list ipset list -n -t ipset list -n ipset list -t
IP sets are a framework inside the Linux kernel, which can be administered by the ipset utility. Depending on the type, an IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them in a way, which ensures lightning speed when matching an entry against a set.
To allow all Cloudflare IP addresses, you can use
apt install ipset ipset create cf4 hash:net for x in $(curl https://www.cloudflare.com/ips-v4); do ipset add cf4 $x; done iptables -A INPUT -m set –match-set cf4 src -p tcp -m multiport –dports http,https -j ACCEPT