IPTABLES: Only Allow CloudFlare to Access Your Server's HTTP(s) Ports

This post is actually a backup of what I did on my server in case I forget.

Note: These are command line instructions

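# Allow HTTP and HTTPS from each published Cloudflare IPv4 range (inserted at the top of INPUT)
for i in $(curl -s https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -s "$i" --dport http -j ACCEPT; done  
for i in $(curl -s https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -s "$i" --dport https -j ACCEPT; done  
# Drop HTTP and HTTPS from everyone else (appended at the end of INPUT)
iptables -A INPUT -p tcp --dport http -j DROP  
iptables -A INPUT -p tcp --dport https -j DROP  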

And to re-allow connections from anywhere:

# Use -I, not -A: an appended ACCEPT would land after the DROP rules above and never match
iptables -I INPUT -p tcp --dport http -j ACCEPT  
iptables -I INPUT -p tcp --dport https -j ACCEPT  

P.S. This is only for IPv4.
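
If the `curl` in the loops above fails or returns an error page, no ACCEPT rules are added but the DROP rules still are, which blocks all web traffic. The following is an added example, not part of the original post, that validates the list first and keeps the rules in their own chain; the chain name `CF-WEB`, the function names and the sample ranges are assumptions made for illustration, and like the post it covers IPv4 only.

```shell
#!/bin/sh
# Added example. CHAIN name is an assumption; sample ranges are constructed.
CHAIN="CF-WEB"

# Accept only a.b.c.d/n with each octet <= 255 and prefix <= 32.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    printf '%s\n' "$1" | awk -F'[./]' '{
        for (i = 1; i <= 4; i++) if ($i > 255) exit 1
        if ($5 > 32) exit 1
    }'
}

# Read CIDRs on stdin, print iptables commands on stdout.
# Prints nothing and returns 1 if the list is empty or any entry is malformed,
# so a failed download can never leave the DROP rule without its ACCEPT rules.
build_rules() {
    rules=""
    count=0
    # "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        [ -z "$cidr" ] && continue
        if ! valid_cidr "$cidr"; then
            echo "rejecting list: bad entry '$cidr'" >&2
            return 1
        fi
        rules="${rules}iptables -A $CHAIN -s $cidr -j ACCEPT
"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "rejecting list: no ranges" >&2
        return 1
    fi
    jump="INPUT -p tcp -m multiport --dports 80,443 -j $CHAIN"
    # Create the chain, or empty it if it already exists from an earlier run.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    printf '%s' "$rules"
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain into INPUT once only.
    echo "iptables -C $jump 2>/dev/null || iptables -I $jump"
}

# Demo with constructed documentation ranges (not Cloudflare's); prints only.
printf '192.0.2.0/24\n198.51.100.0/24\n' | build_rules
# Real use, as root:
#   curl -fsS https://www.cloudflare.com/ips-v4 | build_rules | sh
```

Because every range is buffered and checked before anything is printed, piping the output to `sh` applies either the full rule set or nothing.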

Saif M.
