SSH access on specific IPs only using Spectrum

I’ve tried out Spectrum since Cloudflare just added it to all paid plans.

One thing I’m interested in doing is locking down SSH to specific IPs only while using Spectrum, without using Cloudflare Access (Argo is not affordable so this is not something I can use)

I see that IP access rules are supported, but I can’t create a whitelist with that, and it doesn’t seem like firewall rules work with Spectrum at all.

Is what I’m trying to do possible?

Not yet. I’ve been trying the same. And coming through Cloudflare, I can’t tell my server firewall to block, because all inbound traffic looks the same. Too bad there’s no forwarding header in SSH to say where the connection is really coming from.


I’m looking to use Spectrum for SSH. Ideally I’d like to fully lock it down so that a) It’s me and only me with access, b) use key-based auth & c) use an origin IP that differs from my domain’s solely because I’d like to test out tunneling via SSH into an AsusWRT router that’s flashed with custom firmware (Merlin-ASUWRT). If all of the above were possible I’d be able to safely have remote access with which to use when installing / updating / creating custom scripts on a JFFS partition.