How to lock down my server after implementing Cloudflare Tunnel

Hi, we’ve managed to install CF Tunnel on an Ubuntu/LAMP server, and give it a public domain. I can successfully access the website content through the Tunnel’s public address.

I’m struggling to work out the point of implementing it, if it effectively does what the orange-cloud does anyway.

What are the next steps after implementing it? Is there some form of lockdown I should be doing to only allow Tunnel traffic?

With Ubuntu, you should have UFW, where you can control inbound and outbound connections:

If you follow the steps listed, the first four steps should lock your server down so only SSH connections can come in. Outgoing connections were allowed in Step 2, which will let the tunnel connect to Cloudflare.


Thank you for the info. I’ll follow the steps. I presume I can do the same on a CentOS one too?

If I block all ports except SSH, will the tunnel be able to connect to ports 80 and 443 still? Does UFW get ignored on the local device then?
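
An added example, not part of the original thread or of any linked guide: a UFW policy with the effect the reply describes, plus a check of which listeners would still be reachable from outside if the firewall were off. It assumes `cloudflared` runs on the same host and forwards to Apache over loopback, which UFW's default rules accept, so denying inbound 80 and 443 does not cut the tunnel off; the function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes cloudflared runs on this host
# and forwards to Apache over loopback, which UFW's default rules accept.

# UFW policy with the effect the reply describes: only SSH in, everything out.
# Not run automatically; call apply_lockdown as root, and make sure the SSH
# rule is in place first, since enabling UFW without it drops the session.
apply_lockdown() {
  ufw default deny incoming
  ufw default allow outgoing   # lets cloudflared dial out to Cloudflare
  ufw allow 22/tcp
  ufw enable
}

# Reads `ss -Htln` output on stdin and prints every listener bound to a
# non-loopback address whose port is not in the allowed list (default "22").
# Anything printed is protected only by the firewall, not by its bind address.
exposed_listeners() {
  awk -v allowed=" ${1:-22} " '{
    addr = $4                          # Local Address:Port column
    port = addr; sub(/.*:/, "", port)  # text after the last colon
    host = substr(addr, 1, length(addr) - length(port) - 1)
    if (host ~ /^127\./ || host == "[::1]") next   # loopback only
    if (index(allowed, " " port " ")) next         # intentionally public
    print addr
  }'
}

# Constructed sample of `ss -Htln` output on a LAMP host.
sample_ss() {
  cat <<'EOF'
LISTEN 0 511  0.0.0.0:80       0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 80   127.0.0.1:3306   0.0.0.0:*
LISTEN 0 511  [::]:443         [::]:*
LISTEN 0 128  [::]:22          [::]:*
EOF
}

sample_ss | exposed_listeners 22
```

On a real host, pipe live data in with `ss -Htln | exposed_listeners 22`. Listeners it reports, such as Apache on `0.0.0.0:80`, can be rebound to `127.0.0.1` so they stay unreachable from outside even if the firewall is later disabled.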
