I have hit paydirt in some old-timer’s post on Cloudflare, to wit, this:
How do I whitelist Cloudflare’s IP addresses in iptables?
*MY QUESTION IS AT THE BOTTOM OF THIS PASTE.
LOCATED MID-WAY down the instructions states this:
An alternative to having a long list of iptables rules for each network range is to use a utility called ipset.
Create an ipset set:
ipset create cf hash:net
Now populate the set with Cloudflare IP ranges:
for x in $(curl -fsS https://www.cloudflare.com/ips-v4); do ipset add cf "$x"; done
You can use the ‘cf’ set now in an iptables rule like so:
iptables -A INPUT -m set --match-set cf src -p tcp -m multiport --dports http,https -j ACCEPT
Once you run the iptables commands, you will need to save the iptables rules. The top two commands are used for IPv4 and the bottom two for IPv6.
iptables-save > /etc/iptables/rules.v4
iptables-save > /etc/sysconfig/iptables
ip6tables-save > /etc/iptables/rules.v6
ip6tables-save > /etc/sysconfig/ip6tables
Note: These rules only apply to your iptables and do not work for any additional firewalls.
!QUESTION!: Since CloudFlare’s ipset worked miracles on my server…can I use this on every computer in my house ??? I only ask because my elderly mom (I’m old too) is having a less than pleasant online experience at times.
Thanks for any input~
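The populate step quoted in the post adds whatever curl returns straight into the live set. As an added example (not part of the original post or of Cloudflare's instructions), the script below validates each fetched line as an IPv4 CIDR, builds an `ipset restore` script, and swaps the new contents into `cf` atomically, which goes one step beyond the quoted loop. The function names and the `cf-tmp` scratch set are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the post. Function names and "cf-tmp" are hypothetical.

# Pass through well-formed IPv4 CIDRs from stdin; report anything else on stderr.
valid_cidrs() {
    awk '
    {
        sub(/\r$/, "")                       # tolerate CRLF line endings
        ok = ($0 ~ /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+\/[0-9]+$/)
        if (ok) {
            split($0, p, "[./]")             # four octets, then the prefix length
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) ok = 0
            if (p[5] + 0 > 32) ok = 0
        }
        if (ok) { print }
        else if ($0 != "") { print "rejected: " $0 > "/dev/stderr" }
    }'
}

# Emit an "ipset restore" script: fill a scratch set, then swap it into place
# so the iptables rule never matches against a half-populated set.
restore_script() {   # $1 = live set name; validated CIDRs on stdin
    echo "create $1 hash:net family inet -exist"
    echo "create $1-tmp hash:net family inet -exist"
    echo "flush $1-tmp"
    while read -r cidr; do echo "add $1-tmp $cidr"; done
    echo "swap $1-tmp $1"
    echo "destroy $1-tmp"
}

# Fetch, validate, load. A failed download or an empty result leaves "cf" untouched.
refresh_cf_set() {
    list=$(curl -fsS --max-time 20 https://www.cloudflare.com/ips-v4) || return 1
    cidrs=$(printf '%s\n' "$list" | valid_cidrs)
    if [ -z "$cidrs" ]; then
        echo "no valid ranges fetched; set left unchanged" >&2
        return 1
    fi
    printf '%s\n' "$cidrs" | restore_script cf | ipset restore
}

# Only touches the firewall when asked to (needs root): sh refresh-cf.sh --apply
if [ "${1:-}" = "--apply" ]; then
    refresh_cf_set
fi
```

ipset sets live in kernel memory and are not written out by `iptables-save`, so the `cf` set has to be recreated at boot before the saved rules that reference it are restored.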