I recently bought a server from a provider, and since I use Cloudflare services I wanted to publish my SSH behind Spectrum and block the SSH port for every other address. For this, I created a script and added it to crontab so it runs daily.
#!/bin/bash
# Flush the INPUT chain (see the note below: this assumes INPUT holds only the SSH rules)
iptables -F INPUT
# Allow SSH only from Cloudflare's published IPv4 ranges (Spectrum connects from these)
for address in $(curl -fsSL https://www.cloudflare.com/ips-v4)
do
iptables -A INPUT -p tcp --dport 22 -s "$address" -j ACCEPT
done
# Everything else to port 22 is dropped
iptables -A INPUT -p tcp --dport 22 -j DROP
NOTE: My “INPUT” chain is being used only for SSH. I use Cloudflare Zero Trust for web access. If you have more rules in the “INPUT” chain, make sure you update the script.
I added the line below to the crontab so the script runs daily:
@daily /opt/scripts/iptables-Cloudflare.sh
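One caveat with the script above: if the curl fails (network outage, Cloudflare page unavailable, or an HTML error page instead of a list), the loop adds zero ACCEPT rules and the final DROP still goes in, so SSH is closed to everyone until the next daily run. The version below is an added example, not the original script: it validates the downloaded list before touching iptables, refuses to change anything if the list is empty or malformed, and keeps the allow-list in its own chain so the rest of INPUT is never flushed. The chain name CLOUDFLARE_SSH, the --apply flag and the sample CIDRs in the comments are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not the original script. Same goal: SSH (port 22) reachable only
# from Cloudflare's published IPv4 ranges, everything else dropped.

CF_IPS_URL="https://www.cloudflare.com/ips-v4"   # same source as the original script
SSH_PORT=22
CHAIN="CLOUDFLARE_SSH"                           # chain name: an assumption of this example

# Returns 0 if $1 looks like an IPv4 CIDR (a.b.c.d/n, octets 0-255, n 0-32).
is_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}
    len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Only digits and dots, no leading/trailing/double dots (also makes the split below glob-safe).
    case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Reads CIDRs on stdin and prints the iptables commands that would be run.
# Prints nothing and returns 1 if the list is empty or any line is malformed,
# so a failed download or an HTML error page never reaches iptables.
build_rules() {
    n=0
    rules=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # tolerate CRLF and blank lines
        if [ -z "$line" ]; then continue; fi
        is_ipv4_cidr "$line" || return 1
        rules="${rules}iptables -A $CHAIN -p tcp --dport $SSH_PORT -s $line -j ACCEPT
"
        n=$((n + 1))
    done
    [ "$n" -gt 0 ] || return 1
    printf '%s' "$rules"
    printf 'iptables -A %s -p tcp --dport %s -j DROP\n' "$CHAIN" "$SSH_PORT"
}

# Fetch, validate, then apply. On any validation failure the firewall is left as it was.
apply_rules() {
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --max-time 20 "$CF_IPS_URL" | build_rules > "$tmp"; then
        echo "firewall left unchanged: Cloudflare IP list unavailable or malformed" >&2
        rm -f "$tmp"
        return 1
    fi
    # Dedicated chain: INPUT keeps one stable jump rule and its other rules are never flushed.
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    iptables -C INPUT -p tcp --dport "$SSH_PORT" -j "$CHAIN" 2>/dev/null \
        || iptables -I INPUT -p tcp --dport "$SSH_PORT" -j "$CHAIN"
    sh -e "$tmp"
    rm -f "$tmp"
}

# Only touch iptables when explicitly asked, e.g. from cron:
#   @daily /opt/scripts/iptables-Cloudflare.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Running it without --apply does nothing, which makes the validation logic easy to check by hand: for example, piping a constructed list such as 192.0.2.0/24 and 198.51.100.0/24 into build_rules prints two ACCEPT rules and the DROP, while an empty input or a line like "<html>" prints nothing and returns 1.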
Thank you.