Hello.
I have set up my domain (montglane.com) in Cloudflare; the nameservers are working and all the initial setup seems fine. Now I want to limit access to my API only to requests served through Cloudflare, so this is what I did:
- Added an A record to api pointing to my server
- Set SSL to Off in Cloudflare
- Opened port 6000 in my router and routed it to this server
- Tested that I can reach my dummy app with
curl -X GET -i <my-external-ip>:6000
- Enabled development mode and purged all cache
- Added iptables rules to limit access only to Cloudflare IPs; the rules look like this:
iptables -I INPUT -p tcp -m tcp -m state --state NEW,ESTABLISHED -s 173.245.48.0/20 -j ACCEPT
ip6tables -I INPUT -p tcp -m tcp -m state --state NEW,ESTABLISHED -s 2400:cb00::/32 -j ACCEPT
and so on with all the other IPs. The last iptables rule is to drop all packets, of course.
But now if I try the same curl pointing to api.montglane.com:6000 it times out, as if the request came from another IP. I took the list of IPs from here: https://www.cloudflare.com/ips/
Am I missing anything obvious?
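
An added example, not part of the original post: the allowlist kept as data, each range validated, the iptables/ip6tables commands generated in the post's rule form, and a helper that reports whether a source address seen on the server falls inside an allowed range. Only the two ranges quoted in the post are included; the `--dport` match, the port-scoped DROP, the function names and the sample addresses are assumptions.

```python
import ipaddress

# The two ranges quoted in the post; the rest of the list at
# https://www.cloudflare.com/ips/ is not reproduced here.
ALLOWED = ["173.245.48.0/20", "2400:cb00::/32"]
PORT = 6000  # the port forwarded in the post


def parse_ranges(cidrs):
    """Validate CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs if c.strip()]


def build_rules(cidrs, port=PORT):
    """Return the firewall commands as strings; nothing is executed."""
    rules, tools = [], set()
    for net in parse_ranges(cidrs):
        # IPv4 ranges go to iptables, IPv6 ranges to ip6tables.
        tool = "iptables" if net.version == 4 else "ip6tables"
        tools.add(tool)
        rules.append(
            f"{tool} -I INPUT -p tcp -m tcp --dport {port} "
            f"-m state --state NEW,ESTABLISHED -s {net} -j ACCEPT"
        )
    # Assumption: the final DROP is scoped to the API port and appended (-A),
    # so it sits below the ACCEPT rules that were inserted (-I) at the top.
    for tool in sorted(tools):
        rules.append(f"{tool} -A INPUT -p tcp -m tcp --dport {port} -j DROP")
    return rules


def matching_range(source_ip, cidrs):
    """Return the allowed range containing source_ip, or None if it would be dropped."""
    addr = ipaddress.ip_address(source_ip)
    for net in parse_ranges(cidrs):
        if addr.version == net.version and addr in net:
            return str(net)
    return None


if __name__ == "__main__":
    print("\n".join(build_rules(ALLOWED)))
    # Constructed sample source addresses, e.g. as copied from a packet capture.
    for ip in ("173.245.48.10", "2400:cb00::1", "203.0.113.7"):
        print(ip, "->", matching_range(ip, ALLOWED) or "not in allowlist")
```

Running `matching_range` on the source address the server actually sees for a timed-out request shows whether that packet matched an ACCEPT rule or fell through to the DROP.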