Cannot whitelist 5 PayPal IPs for (IPN)

Hello, I need to whitelist a few IPs for PayPal’s “Payments Notification (IPN)”.

They emailed a few IPs and all of them work but 5 that I cannot whitelist because I get this error:
“Only an IPv4 range (CIDR) value of /16 or /24 is allowed for IP Access Rules”

These are the IPs I cannot Allow in “IP Access Rules” to bypass the firewall.

64.4.240.0/21
64.4.248.0/22
66.211.168.0/22
173.0.80.0/20
91.243.72.0/23

So /20, /21, /22, /23 are not working. :frowning:

Then you’ll have to settle for /16. It’s less restrictive, but at least it’s something.

You can add these addresses to an IP List (Configurations) and then use this in your firewall as

(ip.src in $paypal)

Works for me.

3 Likes

Can you please explain in detail exactly what you did. Everything I do Cloudflare complains about CIDR ranges. This is quite irritating. These should just be supported!

When I input 64.4.240.0/16 into Tools, I get this:

So it’s going to cover 64.4.248.0 as well. As I said, it’s less restrictive, but it should work. The other three shouldn’t have any overlap.

1 Like

If I understood correctly, you are trying to create a firewall rule to ALLOW PayPal IPN, right?

Go to Cloudflare | Configuration | Lists. Create a new list and add the IP addresses:

Go to Firewall, create a rule like this and deploy.

2 Likes

Or if going down the /16 path, just convert the /20 /21 /22 to a few /24
e.g.
64.4.240.0/21
becomes
64.4.240.0/24
64.4.241.0/24
64.4.242.0/24
64.4.243.0/24
64.4.244.0/24
64.4.245.0/24
64.4.246.0/24
64.4.247.0/24
etc, per
https://www.adminsub.net/ipv4-subnet-calculator/64.4.240.0/21

1 Like
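The /24 conversion suggested above, applied to all five ranges from the original post, together with how many extra addresses the /16 alternative would let through. This is an added example, not part of any post in the thread; it uses Python's standard `ipaddress` module, and the function names are hypothetical.

```python
import ipaddress

# The five ranges quoted in the original post.
PAYPAL_RANGES = [
    "64.4.240.0/21",
    "64.4.248.0/22",
    "66.211.168.0/22",
    "173.0.80.0/20",
    "91.243.72.0/23",
]

def split_to_24(cidr):
    """Exact cover: the /24 blocks that together equal `cidr`, nothing more."""
    net = ipaddress.ip_network(cidr)  # strict: rejects host bits set in the base address
    if net.prefixlen > 24:
        raise ValueError(f"{cidr} is smaller than a /24 and cannot be split into /24s")
    return [str(s) for s in net.subnets(new_prefix=24)]

def widen_to_16(cidr):
    """Loose cover: the enclosing /16 and the number of addresses it allows beyond `cidr`."""
    net = ipaddress.ip_network(cidr)
    parent = net.supernet(new_prefix=16)
    return str(parent), parent.num_addresses - net.num_addresses

def plan(ranges):
    """Return (sorted unique /24 entries, {enclosing /16: extra addresses it would allow})."""
    rules = set()
    for cidr in ranges:
        rules.update(split_to_24(cidr))
    needed = {}  # /16 -> number of /24 blocks actually required inside it
    for rule in rules:
        parent = str(ipaddress.ip_network(rule).supernet(new_prefix=16))
        needed[parent] = needed.get(parent, 0) + 1
    extra = {p: (256 - n) * 256 for p, n in needed.items()}
    return sorted(rules, key=ipaddress.ip_network), extra

if __name__ == "__main__":
    rules, extra = plan(PAYPAL_RANGES)
    print(f"{len(rules)} /24 entries give an exact match:")
    print("\n".join(rules))
    for parent, count in extra.items():
        print(f"{parent} would also allow {count} addresses outside the listed ranges")
```

The /24 entries match the listed ranges exactly, while each /16 admits tens of thousands of addresses that are not in the ranges from the post.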

They seem like “IP ranges”; change the operator value to IP ranges and see if that helps.

You must be using a premium account or something because “Configuration” is missing. If /16 works, I’ll just use that. Besides, I’m using all 5 firewall rules.

You have reached the limit of firewall rules in that case. Unless you have a paid plan, Cloudflare will only allow you to have 5 active firewall rules at a time; you can pause or delete a firewall rule to make another one. P.S.: Which plan do you have?

This is completely ridiculous. I add the /24 IPs instead to “IP Access Rules” and it wipes out the /16 IPs. This service should just support these ranges PayPal requires. I shouldn’t need to do a pile of loopholes just to add a few IPs because this service only uses /16 or /24.

I’m deleting all of them and starting back with /16; it better work.

None.

What? Are you using Cloudflare?

Huh? Yes, I am using Cloudflare.

Then how are you not using any plan for your website?

I’m using the free version of Cloudflare. Railgun through hosting. So if this “List” and others are pro features, they don’t help me.

Yeah you’ve reached the firewall limit, you’ll need to pause or delete a rule to make another one!

I use all 5 to block bots. So pausing and removing is not an option. I can always add to the rules though. But this so-called “List” seems to not exist because I can’t find “Configurations” to get to it.

Not just that, it seems all the /16 IPs I added disappeared in “IP Access Rules” after adding /24 to the same ones. If this service had just supported what PayPal is asking to begin with, I wouldn’t be dealing with this problem.

If I just add the IP, for example 64.4.240.0/21, to IP Access Rules as 64.4.240.0 and it works, I’ll be fine with it.

Maybe high security level can help, your website doesn’t seem under attack so IUAM is not needed for more details visit

I have my reasons for the firewall rules. It’s not related to this post anyway. I prefer to just use “IP Access Rules” for this. If you have a solution using it. Should I just leave them as /24 or /16 let me know. I want to move on from this.