HostOnNet Blog

iptables Only Allow Traffic from CloudFlare IPs

Posted on December 1, 2015 by admin

Looking for Linux Server Admin or WordPress Expert? We can help.

Contact Us

You can find cloudflare IP range at

https://www.cloudflare.com/ips/

To only allow https traffic from CloudFlare IP ranges, run

iptables -A INPUT -s 103.21.244.0/22 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 103.22.200.0/22 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 103.31.4.0/22 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 104.16.0.0/12 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 108.162.192.0/18 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 141.101.64.0/18 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 162.158.0.0/15 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 172.64.0.0/13 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 173.245.48.0/20 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 188.114.96.0/20 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 190.93.240.0/20 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 197.234.240.0/22 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 198.41.128.0/17 -p tcp --dport https -j ACCEPT
iptables -A INPUT -s 199.27.128.0/21 -p tcp --dport https -j ACCEPT
iptables -A INPUT -p tcp --dport https -j DROP

NOTE: This is for HTTPS, for http, replace –dport https with –dport http

Save the rule with command

On Ubuntu

iptables-save

On CentOS

service iptables save

Posted in Linux

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.