@mateuszbaluch
Forked from Manouchehri/cloudflare.sh
Last active April 13, 2020 12:26
Allow CloudFlare only
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
# fetch both lists first; abort if a download fails or is empty,
# so the chains are never left holding only the DROP rule
v4=$(curl -fsS https://www.cloudflare.com/ips-v4) || exit 1
v6=$(curl -fsS https://www.cloudflare.com/ips-v6) || exit 1
[ -n "$v4" ] && [ -n "$v6" ] || exit 1
# create new chains (the error is discarded if they already exist)
iptables -N CF 2>/dev/null
ip6tables -N CF 2>/dev/null
# clear chains
iptables -F CF
ip6tables -F CF
# add cloudflare ips to CF chain
for i in $v4; do iptables -I CF -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
for i in $v6; do ip6tables -I CF -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# drop packets from other ips
iptables -A CF -p tcp -m multiport --dports http,https -j DROP
ip6tables -A CF -p tcp -m multiport --dports http,https -j DROP
# delete chains from input
iptables -D INPUT -j CF 2>/dev/null
ip6tables -D INPUT -j CF 2>/dev/null
# add chains to input (appended last: any earlier INPUT rule that already
# accepts http/https is matched first and bypasses the CF chain)
iptables -A INPUT -j CF
ip6tables -A INPUT -j CF
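
The script above rebuilds the CF chain rule by rule, so while it runs the chain is briefly empty and web traffic is not filtered, and nothing checks that the downloaded text really is a list of prefixes. The following is an added example, not part of the gist: it validates an IPv4 list and emits a ruleset that `iptables-restore --noflush` can commit in one transaction. The function names are hypothetical, the sample prefixes are constructed documentation ranges, and only IPv4 is covered.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.

# valid_v4_cidr CIDR: succeed only for a well-formed IPv4 prefix.
valid_v4_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# build_cf_ruleset: read one prefix per line on stdin and print an
# iptables-restore ruleset for the CF chain on stdout.
# Returns 1 if the list is empty or any entry is malformed (for example
# an HTML error page returned instead of the list).
build_cf_ruleset() {
    rules='' count=0
    while IFS= read -r cidr; do
        [ -n "$cidr" ] || continue
        valid_v4_cidr "$cidr" || { echo "rejected entry: $cidr" >&2; return 1; }
        rules="${rules}-A CF -s ${cidr} -p tcp -m multiport --dports 80,443 -j ACCEPT
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "empty list" >&2; return 1; }
    printf '*filter\n:CF - [0:0]\n%s' "$rules"
    printf '%s\n' '-A CF -p tcp -m multiport --dports 80,443 -j DROP' 'COMMIT'
}

# Constructed sample input (documentation ranges, not Cloudflare's list).
sample='192.0.2.0/24
198.51.100.0/24'
printf '%s\n' "$sample" | build_cf_ruleset

# To apply for real (as root), build into a file first and load it only
# if the build succeeded:
#   curl -fsS https://www.cloudflare.com/ips-v4 | build_cf_ruleset > /tmp/cf.rules \
#       && iptables-restore --noflush < /tmp/cf.rules
```

The jump from INPUT to CF still has to be added once, as in the script above.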