Gateway DNS Firewall


I am using Cloudflare Firewall ( to manage access to a self-hosted app in a Docker container. The container uses a DNS location, configured under Gateway > DNS locations. The location has the ‘Source IPv4 address’ configured correctly.

I want to block traffic from a particular organization from being able to reach this container.

At ‘Firewall policies’, I created policies to block all IP-addresses and domain names of this organization, which it lists on it’s website. I created these policies both under Firewall policies > DNS as well as Firewall policies > Network.

At Analytics > Gateway, the address of this organization appears under ‘Top blocked queries’, indicating the firewall should work.

However, I regularly check the logs of the Docker container and the organization is still able to access my Docker container.

I verified that the domain name and IP-address listed in the logs of the Docker container are listed in the policies of the Cloudflare Firewall.

Please advise me on how to resolve this issue.

Cloudflare gateway is not intended to block inbound requests to a DNS server you operate. It is meant to provide managed recursive resolver services to queries originating from the IP specified to the Cloudflare managed DNS resolvers.

I am not operating a DNS server. I am operating an application using a DNS Location of Cloudflare.

More the wrong tool then. What exactly are you trying to accomplish?

I don’t know how to explain it more detailed than in my first post.