OpenWrt: Allow only Cloudflare to access HTTP port 80 and HTTPS port 443. Use this if your uhttpd is hidden behind Cloudflare. Put this file in /etc/firewall.user. NOTE: It fetches the list of IPs over plain HTTP, because wget over HTTPS requires installing ca-certs. This leaves the fetch vulnerable to MITM attacks, but that is acceptable for protection against attackers on the wider internet.
```sh
# https://www.cloudflare.com/ips (for IPv6, replace ips-v4 with ips-v6 and iptables with ip6tables)
# https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/
# Insert one ACCEPT rule per published Cloudflare range for the proxied ports.
for ip in $(wget -qO- http://www.cloudflare.com/ips-v4); do
    iptables -I INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -s "$ip" -j ACCEPT
done
```
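The loop above hands every whitespace-separated token of the HTTP response to iptables as a source address. As an added example (not part of the gist; `is_ipv4_cidr`, `cf_rules` and `MIN_PREFIX` are hypothetical names, and the sample list is constructed), this POSIX sh version checks each fetched line as an IPv4 CIDR and emits no rules at all if any line fails:

```sh
#!/bin/sh
# Added example, not from the gist; function names are hypothetical.
PORTS="80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880"
MIN_PREFIX=8   # assumed sanity bound: rejects 0.0.0.0/0 and other huge ranges

# Constructed sample input (documentation ranges, not Cloudflare's list).
SAMPLE_LIST='198.51.100.0/24
203.0.113.0/24'

# Succeeds only for a.b.c.d/n: octets 0-255, prefix MIN_PREFIX-32,
# digits and dots only, no leading zeros.
is_ipv4_cidr() {
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -ge "$MIN_PREFIX" ] &&
        [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads candidate CIDRs on stdin and prints one iptables command per entry.
# All-or-nothing: a single bad line (error page, injected text) fails the
# whole list and prints no rules.
cf_rules() {
    rules=""
    while read -r cidr || [ -n "$cidr" ]; do
        [ -n "$cidr" ] || continue
        if ! is_ipv4_cidr "$cidr"; then
            echo "cf_rules: invalid entry, list rejected" >&2
            return 1
        fi
        rules="${rules}iptables -I INPUT -p tcp -m multiport --dports $PORTS -s $cidr -j ACCEPT
"
    done
    [ -n "$rules" ] || return 1
    printf '%s' "$rules"
}

# Dry run on the sample:   printf '%s\n' "$SAMPLE_LIST" | cf_rules
# In /etc/firewall.user:   wget -qO- http://www.cloudflare.com/ips-v4 | cf_rules | sh
```

Validation only rejects malformed or overly broad entries; it does not authenticate the list, so fetching over HTTPS with ca-certs installed remains the fix for the MITM exposure the description mentions.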