Simple shell script for Linux that prevents non-Cloudflare IPs from reaching your backend.
Blocks unknown hosts from accessing your backend's HTTP and HTTPS ports using IPTables
Issues | Pull Requests | Discord | License
- Download or copy the script to your server
- Make the script executable by using chmod (
sudo chmod +x cloudflare.sh) - Run the script with super user privileges (
sudo ./cloudflare.sh) - The rules are automatically applied or removed, depending if you the rules already existed
- (If you want to undo the changes, run the script again)
If you encounter any issues or bugs, please open a GitHub issue.
Running the script for the first time (Adding rules)
user@webserver:~# sudo ./cloudflare.sh
Downloading latest IP ranges from the official Cloudflare website...
Allowing X.X.X.X/X (cloudflare IP)...
[...]
Adding rule that disallows all connections from untrusted hosts...
Done!
user@webserver:~#
Running the script for the second first time (Removing existing rules)
user@webserver:~# sudo ./cloudflare.sh
Downloading latest IP ranges from the official Cloudflare website...
Removing X.X.X.X/X (duplicate entry)...
[...]
Removing rule that disallows all connections from untrusted hosts...
Done!
user@webserver:~#
cf-ipwl is licensed under the GNU General Public License 3.0.