Script to add the required iptables and ip6tables rules while ensuring the Cloudflare IP ranges are allowed first
Here’s a script to add the required iptables and ip6tables rules while ensuring the Cloudflare IP ranges are allowed first. Save this as iptables_block.sh sh #!/bin/bash # Allow Cloudflare IPv4 addresses for ip in 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 do iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT done # Allow Cloudflare IPv6 addresses for ip in 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32 do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT done # Block all other incoming HTTP and HTTPS traffic iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP echo "Firewall rules...
