DarkGL · April 17, 2024 05:51
diff --git a/cloudflare.sh b/cloudflare.sh
 # Source:
 # https://www.cloudflare.com/ips
 # https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-

 for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
 for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done

 # Avoid racking up billing/attacks
 # WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable. 
 iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
 ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP

 # WARNING: This does NOT block Cloudflare's clients from accessing your website over HTTP or HTTPS with a Cloudflare Worker.
	# Source:
	# https://www.cloudflare.com/ips
	# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-

	for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
	for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done

	# Avoid racking up billing/attacks
	# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
	iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
	ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP

	# WARNING: This does NOT block Cloudflare's clients from accessing your website over HTTP or HTTPS with a Cloudflare Worker.