Iptables - Allow only CloudFlare and QUIC.cloud IPs
```bash
# Source:
# https://www.cloudflare.com/ips
# https://quic.cloud/docs/cdn/adding-quic-cloud-ips-to-allowlist/
# Notes:
# - curl -fsS stays quiet on success and fails (with no output) on HTTP errors,
#   so an error page is not fed into iptables as if it were an address list.
# - -I puts the ACCEPT rules at the top of INPUT; the DROP below is appended at
#   the end, so the allowlist is always evaluated first.
# - Every run inserts the rules again: flush INPUT (or test with iptables -C)
#   before re-running, and use iptables-save/ip6tables-save to persist them.
# CloudFlare
for i in $(curl -fsS https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
for i in $(curl -fsS https://www.cloudflare.com/ips-v6); do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# QUIC.cloud (?ln returns one address per line)
for i in $(curl -fsS 'https://quic.cloud/ips?ln'); do iptables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# for i in $(curl -fsS ?); do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# DROP all other connections so the ports show as filtered to scanners
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
# or REJECT with a TCP reset so the ports show as closed to scanners
#iptables -A INPUT -p tcp -m multiport --dports http,https -j REJECT --reject-with tcp-reset
#ip6tables -A INPUT -p tcp -m multiport --dports http,https -j REJECT --reject-with tcp-reset
```
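The loops above trust whatever the fetch returns: a 200 response carrying an HTML page, or an empty body, would either feed junk into iptables or leave the allowlist empty while the final DROP still goes in, cutting off every client. The following is an added example, not the gist author's script, that validates the fetched list and refuses to emit the DROP rule when no allowlist entries survived; the function names and the use of documentation ranges (192.0.2.0/24 and friends) in the comments are constructed for illustration.

```bash
#!/bin/sh
# Added example, not part of the gist: validate a fetched CDN IP list before it
# becomes iptables rules, and refuse to install the final DROP when the
# allowlist is empty (a failed or garbage fetch would otherwise lock every client out).

# Keep only well-formed IPv4 entries (a.b.c.d or a.b.c.d/n, n <= 32);
# HTML error pages, blank lines and CR characters are discarded.
filter_ipv4_cidrs() {
    tr -d '\r' | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
        | awk -F'[./]' '$1<256 && $2<256 && $3<256 && $4<256 && ($5=="" || $5<=32)'
}

# Looser IPv6 check: hex groups and colons, optional prefix length up to /128.
filter_ipv6_cidrs() {
    tr -d '\r' | grep -E '^[0-9a-fA-F:]*:[0-9a-fA-F:]*(/[0-9]{1,3})?$' \
        | awk -F/ '$2=="" || $2<=128'
}

# Print the rules for the validated allowlist on stdin as shell commands, then
# the trailing DROP. $1 is the binary to use: iptables or ip6tables.
# Nothing is applied here; inspect the output, then pipe it into sh as root.
emit_rules() {
    bin=$1
    n=0
    while IFS= read -r net; do
        [ -n "$net" ] || continue
        printf '%s -I INPUT -p tcp -m multiport --dports http,https -s %s -j ACCEPT\n' "$bin" "$net"
        n=$((n + 1))
    done
    if [ "$n" -eq 0 ]; then
        echo "refusing to add the DROP rule: allowlist is empty" >&2
        return 1
    fi
    printf '%s -A INPUT -p tcp -m multiport --dports http,https -j DROP\n' "$bin"
}

# Live usage (the URLs are the ones the gist fetches):
#   curl -fsS https://www.cloudflare.com/ips-v4 | filter_ipv4_cidrs | emit_rules iptables  | sh
#   curl -fsS https://www.cloudflare.com/ips-v6 | filter_ipv6_cidrs | emit_rules ip6tables | sh
```

Because the DROP is only printed after at least one ACCEPT, a pipeline whose fetch returned nothing usable leaves the firewall untouched instead of closing the ports.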