iptables

rules.v4

ipset destroy arvancloud
ipset create arvancloud hash:ip family inet

ipset add arvancloud 185.143.232.0/22
ipset add arvancloud 188.229.116.16/29
ipset add arvancloud 94.101.182.0/27
ipset add arvancloud 2.144.3.128/28
ipset add arvancloud 89.45.48.64/28
ipset add arvancloud 37.32.16.0/27
ipset add arvancloud 37.32.17.0/27
ipset add arvancloud 37.32.18.0/27
ipset add arvancloud 37.32.19.0/27
ipset add arvancloud 185.215.232.0/22
ipset add arvancloud 178.131.120.48/28

iptables -t filter -N ALLOW_CDN
iptables -t filter -F ALLOW_CDN

iptables -t filter -A ALLOW_CDN -p tcp --dport 80 -m set --match-set arvancloud src -j ACCEPT
iptables -t filter -A ALLOW_CDN -p tcp --dport 443 -m set --match-set arvancloud src -j ACCEPT
iptables -t filter -A ALLOW_CDN -j LOG --log-prefix "CDN_DROP: " --log-level 4
iptables -t filter -A ALLOW_CDN -j DROP

iptables -t filter -I INPUT 1 -p tcp --dport 80 -j ALLOW_CDN
iptables -t filter -I INPUT 2 -p tcp --dport 443 -j ALLOW_CDN

ipset save > /opt/iptables/ipset.conf

sudo iptables-save > /opt/iptables/rules.v4
sudo iptables-apply /opt/iptables/rules.v4

dmesg | tail -2000 | grep -E "HTTP_IN"
iptables -I INPUT 1 -p tcp --dport 80 -j LOG --log-prefix "HTTP_IN: " --log-level 4