stokito · January 7, 2024 22:06 · May 11, 2019 · May 5, 2019 · May 5, 2019 · May 5, 2019
diff --git a/firewall.user b/firewall.user
@@ -1,4 +1,5 @@
-# https://www.cloudflare.com/ips replace the ips-v4 with v6 if needed
+# https://www.cloudflare.com/ips replace the ips-v4 with ips-v6 if needed
+# https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/
 for ip in `wget -qO- http://www.cloudflare.com/ips-v4`; do
-  iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
+  iptables -I INPUT -p tcp -m multiport --dports 80,443,8080,8443,2052,2053,2082,2083,2086,2087,2095,2096,8880 -s $ip -j ACCEPT
 done
diff --git a/cloudflare.sh b/cloudflare.sh
@@ -1,11 +0,0 @@
-# Source:
-# https://www.cloudflare.com/ips
-# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
-
-for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
-for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
-
-# Avoid racking up billing/attacks
-# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable. 
-iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
-ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP

diff --git a/firewall.user b/firewall.user
@@ -0,0 +1,4 @@
+# https://www.cloudflare.com/ips replace the ips-v4 with v6 if needed
+for ip in `wget -qO- http://www.cloudflare.com/ips-v4`; do
+  iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
+done
diff --git a/cloudflare.sh b/cloudflare.sh
@@ -2,29 +2,8 @@
 # https://www.cloudflare.com/ips
 # https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
 
-# IPv4
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 103.21.244.0/22 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 103.22.200.0/22 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 103.31.4.0/22 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 104.16.0.0/12 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 108.162.192.0/18 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 141.101.64.0/18 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 162.158.0.0/15 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 172.64.0.0/13 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 173.245.48.0/20 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 188.114.96.0/20 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 190.93.240.0/20 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 197.234.240.0/22 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 198.41.128.0/17 -j ACCEPT
-iptables -I INPUT -p tcp -m multiport --dports http,https -s 199.27.128.0/21 -j ACCEPT
-
-# IPv6
-ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2400:cb00::/32 -j ACCEPT
-ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2405:8100::/32 -j ACCEPT
-ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2405:b500::/32 -j ACCEPT
-ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2606:4700::/32 -j ACCEPT
-ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2803:f800::/32 -j ACCEPT
-
+for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
+for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
 
 # Avoid racking up billing/attacks
 # WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable. 

diff --git a/cloudflare.sh b/cloudflare.sh
@@ -1,5 +1,6 @@
 # Source:
 # https://www.cloudflare.com/ips
+# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
 
 # IPv4
 iptables -I INPUT -p tcp -m multiport --dports http,https -s 103.21.244.0/22 -j ACCEPT
@@ -26,5 +27,6 @@ ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2803:f800::/32 -j
 
 
 # Avoid racking up billing/attacks
+# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable. 
 iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
 ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
diff --git a/cloudflare.sh b/cloudflare.sh
@@ -26,5 +26,5 @@ ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2803:f800::/32 -j
 
 
 # Avoid racking up billing/attacks
-iptables -A INPUT -p tcp --dport http,https -j DROP
-ip6tables -A INPUT -p tcp --dport http,https -j DROP
+iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
+ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
diff --git a/cloudflare.sh b/cloudflare.sh
@@ -0,0 +1,30 @@
+# Source:
+# https://www.cloudflare.com/ips
+
+# IPv4
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 103.21.244.0/22 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 103.22.200.0/22 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 103.31.4.0/22 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 104.16.0.0/12 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 108.162.192.0/18 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 141.101.64.0/18 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 162.158.0.0/15 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 172.64.0.0/13 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 173.245.48.0/20 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 188.114.96.0/20 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 190.93.240.0/20 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 197.234.240.0/22 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 198.41.128.0/17 -j ACCEPT
+iptables -I INPUT -p tcp -m multiport --dports http,https -s 199.27.128.0/21 -j ACCEPT
+
+# IPv6
+ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2400:cb00::/32 -j ACCEPT
+ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2405:8100::/32 -j ACCEPT
+ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2405:b500::/32 -j ACCEPT
+ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2606:4700::/32 -j ACCEPT
+ip6tables -I INPUT -p tcp -m multiport --dports http,https -s 2803:f800::/32 -j ACCEPT
+
+
+# Avoid racking up billing/attacks
+iptables -A INPUT -p tcp --dport http,https -j DROP
+ip6tables -A INPUT -p tcp --dport http,https -j DROP