I have set up my domain (montglane.com) in Cloudflare, nameservers working and all the initial setup seems fine. Now I want to limit access to my API only to requests served through Cloudflare, so this is what I did:
- Added an A record to `api` pointing to my server
- Set SSL to Off in Cloudflare
- Opened port 6000 in my router and routed it to this server
- Tested that I can reach my dummy app with `curl -X GET -i <my-external-ip>:6000`
- Enabled development mode and purged all cache
- Added iptables rules to limit access only to Cloudflare IPs, the rules look like this:

```
iptables -I INPUT -p tcp -m tcp -m state --state NEW,ESTABLISHED -s 22.214.171.124/20 -j ACCEPT
ip6tables -I INPUT -p tcp -m tcp -m state --state NEW,ESTABLISHED -s 2400:cb00::/32 -j ACCEPT
```

and so on with all the other IPs. The last iptables rule is to drop all packets of course.
Am I missing anything obvious?
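
An added example, not part of the original post: a small Python model of first-match rule evaluation, showing where the final DROP has to sit relative to ACCEPT rules added with `-I`. The two ranges are the ones quoted above, the sample source addresses are constructed, and matching is on source address only (port and connection state are ignored).

```python
import ipaddress

# The two source ranges quoted in the post; the full list would be longer.
ALLOW = ["22.214.171.124/20", "2400:cb00::/32"]


def net(cidr):
    # strict=False masks off host bits, as iptables does with -s a.b.c.d/20.
    return ipaddress.ip_network(cidr, strict=False)


def build_chain(drop_with_insert=False):
    """Return a model INPUT chain as an ordered list of (network, target).

    IPv4 and IPv6 rules share one list here; the version check in verdict()
    keeps them separate, like the separate iptables/ip6tables tables.
    """
    chain = []
    for cidr in ALLOW:
        chain.insert(0, (net(cidr), "ACCEPT"))  # iptables -I INPUT ...
    for catch_all in ("0.0.0.0/0", "::/0"):
        rule = (net(catch_all), "DROP")
        if drop_with_insert:
            chain.insert(0, rule)   # -I: lands above the ACCEPT rules
        else:
            chain.append(rule)      # -A: lands below the ACCEPT rules
    return chain


def verdict(chain, src, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies."""
    addr = ipaddress.ip_address(src)
    for network, target in chain:
        if addr.version == network.version and addr in network:
            return target
    return policy


if __name__ == "__main__":
    # Constructed sample sources: one inside each allowed range, one outside.
    samples = ["22.214.170.9", "203.0.113.7", "2400:cb00::1", "2001:db8::1"]
    for label, chain in (("DROP appended", build_chain()),
                         ("DROP inserted", build_chain(drop_with_insert=True))):
        for src in samples:
            print(f"{label:14} {src:14} -> {verdict(chain, src)}")
```

With the DROP appended, only sources inside the listed ranges are accepted; with the DROP inserted at the top, every source is dropped, including the allowed ranges.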