Outbound Firewall rules to allow Argo Tunnel

So I got Argo Tunnel set up.

So to simplify things I am just allowing all outbound traffic on 80, 443, and 7844 just to get things started. Now that I can see I got Argo configured and running correctly, I want to tighten down these firewall rules.

So my first question: is 7844 the port it will always use, or may it change if the tunnel gets restarted?

The second question: is there a subset of Argo-specific IPs I should allow connections to from the server, or should I just include all of Cloudflare’s IP range? Obviously I’d prefer to be as granular as possible.

cloudflared will always connect to Cloudflare edge port 7844.

I’m not really sure about that. Just allow all Cloudflare IPs for now.
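
The tightening asked about above, as an added example that is not part of the thread and not Cloudflare's own tooling: a script that turns a list of IPv4 ranges into outbound rules limiting port 7844 to those ranges. The function names, the sample ranges (documentation addresses, not Cloudflare's) and the choice of iptables and of the protocol argument are assumptions; the thread names only the port.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it changes nothing itself.
TUNNEL_PORT=7844   # the port named in the reply above

# Constructed sample list using RFC 5737 documentation ranges, NOT real
# Cloudflare ranges. Feed the ranges Cloudflare publishes in its place.
sample_cidrs() {
cat <<'EOF'
# comment lines and blank lines are skipped
198.51.100.0/24
203.0.113.0/24

not-a-cidr
192.0.2.0/33
EOF
}

# is_ipv4_cidr CIDR: succeeds only for a.b.c.d/len with octets <= 255, len <= 32.
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    (   # subshell so the IFS change and positional parameters do not leak
        IFS='./'; set -- $1
        for n in "$1" "$2" "$3" "$4"; do [ "$n" -le 255 ] || exit 1; done
        [ "$5" -le 32 ]
    )
}

# emit_rules PROTO < cidr-list
# One ACCEPT per valid range, then a REJECT for the port to anywhere else.
# Malformed entries are reported on stderr and never reach a rule.
emit_rules() {
    proto=${1:-tcp}
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if is_ipv4_cidr "$line"; then
            echo "iptables -A OUTPUT -p $proto -d $line --dport $TUNNEL_PORT -j ACCEPT"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done
    echo "iptables -A OUTPUT -p $proto --dport $TUNNEL_PORT -j REJECT"
}

sample_cidrs | emit_rules tcp
```

The rules are appended, so they only restrict the port if no earlier OUTPUT rule already accepts the traffic.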

