    UFW Firewall Allow List for CloudFlare Proxy IP Addresses

    Tags: linux, firewall, security, reverse proxy, cloudflare, ubuntu, ufw
      scottalanmiller

      If you run Ubuntu or another Linux system using the UFW firewall mechanism, you probably want to limit at least some ports to only receiving traffic from CloudFlare's proxy servers. CloudFlare provides scripts for iptables, but not for UFW. But they do provide their IP list in a handy format. So here is all you need to do...

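      ```
      cd /tmp
      # Download CloudFlare's published IPv4 and IPv6 ranges ($$ is the shell's PID, which keeps the file names unique)
      wget https://www.cloudflare.com/ips-v4 -O ips-v4-$$.tmp
      wget https://www.cloudflare.com/ips-v6 -O ips-v6-$$.tmp

      # Print (do not run) one ufw rule per downloaded range
      for cfip in $(cat ips-v4-$$.tmp); do echo "ufw allow from $cfip to any port 80 proto tcp"; done
      for cfip in $(cat ips-v6-$$.tmp); do echo "ufw allow from $cfip to any port 80 proto tcp"; done
      ```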
      
      Notice this doesn't take action; it produces a handy human-readable set of ufw instructions that you can audit before running. Just copy the output to a file and "bash file" to take action. Make sure to set the port to 443 in most cases, or run twice, once with 80 and once with 443.
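An added example, not part of the original post: the same rule generation as a shell function that checks every downloaded line is a plain IPv4 or IPv6 CIDR before printing anything, so an error page or other unexpected content never reaches the file you later run with bash. The function name `cf_ufw_rules`, the two regexes and the sample ranges (documentation prefixes, not CloudFlare's list) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Shape checks only: ufw itself
# still parses each address when the generated rule is finally run.
V4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
V6_RE='^[0-9A-Fa-f:]{2,39}/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'

# cf_ufw_rules LISTFILE PORT [PORT...]   (hypothetical helper name)
# Prints one "ufw allow" line per CIDR per port. If any non-blank line is not
# a CIDR it prints no rules at all and returns 1; a non-numeric port returns 2.
# The body is a subshell, so variables stay local and "exit" only leaves the function.
cf_ufw_rules() (
    list=$1; shift
    cr=$(printf '\r')
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port argument" >&2; exit 2;; esac
    done
    # Pass 1: validate the whole list before emitting anything.
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line%"$cr"}                 # tolerate CRLF line endings
        [ -z "$line" ] && continue
        if ! printf '%s\n' "$line" | grep -Eq "$V4_RE|$V6_RE"; then
            echo "line $n of $list is not a CIDR, refusing list" >&2
            bad=1
        fi
    done < "$list"
    [ "$bad" -eq 0 ] || exit 1
    # Pass 2: every line is known-good, so emit the rules for review.
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}
        [ -z "$line" ] && continue
        for port in "$@"; do
            echo "ufw allow from $line to any port $port proto tcp"
        done
    done < "$list"
)

# Constructed sample input: documentation ranges standing in for the real list.
sample=$(mktemp)
printf '%s\n' '192.0.2.0/24' '198.51.100.0/24' '2001:db8::/32' > "$sample"
cf_ufw_rules "$sample" 80 443
rm -f "$sample"
```

With the real downloads, pass the `ips-v4` and `ips-v6` files in turn and redirect the output to a file to audit before running it.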