IPTables Restrict Traffic to Only Cloudflare
Install IPTables
apt install iptables
Create IPTables Persistent Directory
mkdir -p /etc/iptables/
Save Script
Paste this Cloudflare Firewall script as /root/cffw.sh
cffw.sh
#!/bin/sh
curl -s https://www.cloudflare.com/ips-v4 -o /tmp/cf_ip4
echo "" >> /tmp/cf_ip4
curl -s https://www.cloudflare.com/ips-v6 >> /tmp/cf_ip6
echo "" >> /tmp/cf_ip6
# Allow all traffic from Cloudflare IPs (no ports restriction)
for cfip4 in $(cat /tmp/cf_ip4); do
iptables -I INPUT -p tcp -m multiport --dports http,https -s $cfip4 -j ACCEPT -m comment --comment "Cloudflare IPv4"
done
iptables-save > /etc/iptables/rules.v4
for cfip6 in $(cat /tmp/cf_ip6); do
ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $cfip6 -j ACCEPT -m comment --comment "Cloudflare IPv6"
done
ip6tables-save > /etc/iptables/rules.v6
Execute Script
bash /root/cffw.sh