Static anycast IPs

Our customers would like to add outbound rules to our servers, which are abstracted by Cloudflare anycast. All source CF IP’s are published here ( ). I cannot find any discussion or publication that documents the destination (anycast) IPs. I do see that the same two IPs are returned when I dig on our CF protected site but we need to know if they are truly static and something we can provide to our customers.

To be more blunt, I see the below two A records for my abstracted hostname. Is it possible that these ips will change? Is there a list of available anycast ips that we can use for outbound FW rules.

$ dig @{{ various-authority }} {{ my-hostname }}
{{ my-hostname }}. 300 IN	A
{{ my-hostname }}. 300 IN	A

Yes, it is possible. Should not happen often but there is a chance.

If you trust your customers to not reveal your origin IP address, you could give it to them to whitelist & put in their HOSTS file so they are just routed around Cloudflare.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.