Using Cloudflare WARP, inbound packets are blocked by Firewall Policy

When I connect to my remote Linux instance while using Cloudflare WARP, inbound packets are blocked by the firewall policy.

The inbound policy was set based on IP.

The IP is the same with and without Cloudflare WARP, but when WARP is activated, traffic is blocked by the inbound policy.

How did you check that?

Yes, it’s the same because I selected my IP option while connected through WARP in the firewall policy. However, I don’t know exactly how the L4 router recognizes the sender IP.

As Cloudflare WARP needs to communicate with your Linux server via one of its exit nodes, your Linux server will see incoming traffic from a Cloudflare IP instead of your own IP. This is where your firewall does not recognize the traffic coming from the WARP exit node, and thus blocks the traffic.

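A server-side way to answer "How did you check that?", added here as an example and not part of the original thread: read the firewall's own drop log and list the source addresses it actually saw, then compare them with the allowlisted IP. It assumes the drop rule logs through the iptables `LOG` target with a `FW-DROP: ` prefix; the log lines and all addresses are constructed from documentation ranges and are not real Cloudflare or client addresses.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist: the single address the inbound rule permits
# (RFC 5737 documentation range, not a real client or Cloudflare address).
ALLOWLIST = [ipaddress.ip_network("203.0.113.25/32")]

# Constructed iptables LOG lines; the "FW-DROP: " prefix is an assumption.
SAMPLE_LOG = """\
Jan 10 12:00:01 srv kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=51514 DPT=22
Jan 10 12:00:02 srv kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=51514 DPT=22
Jan 10 12:00:04 srv kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=51516 DPT=22
Jan 10 12:00:05 srv kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.9 DST=10.0.0.5 PROTO=TCP SPT=40000 DPT=443
Jan 10 12:00:06 srv kernel: FW-DROP: IN=eth0 OUT= SRC=not-an-ip DST=10.0.0.5 PROTO=TCP SPT=1 DPT=22
Jan 10 12:00:07 srv sshd[812]: Server listening on 0.0.0.0 port 22.
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")


def dropped_sources(log_text, port=22, prefix="FW-DROP: "):
    """Count dropped packets per source address for one destination port."""
    counts = Counter()
    for line in log_text.splitlines():
        if prefix not in line:
            continue
        fields = dict(FIELD.findall(line))
        if fields.get("DPT") != str(port):
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:  # truncated or malformed log line
            continue
        counts[src] += 1
    return counts


def unlisted_sources(counts, allowlist):
    """Return {address: drops} for sources that no allowlist entry covers."""
    return {
        str(src): n
        for src, n in sorted(counts.items(), key=lambda kv: -kv[1])
        if not any(src in net for net in allowlist)
    }


if __name__ == "__main__":
    for addr, n in unlisted_sources(dropped_sources(SAMPLE_LOG), ALLOWLIST).items():
        print(f"{addr}: {n} dropped packets to port 22, not in allowlist")
```

The address this reports is the one the firewall evaluated, which is what has to be compared with the rule, rather than the address shown on the client.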

Is there any way to know the source IP when using WARP? If the IP varies depending on the location of the last node, it seems that stability cannot be guaranteed for an IP-based authentication service.

I can’t find this information documented anywhere, so I don’t think it’s a good way to allow someone based on their source IP (especially when the user is connected to some sort of VPN, including WARP). However, you should adopt Zero Trust access instead, so that every access attempt to your server can be authenticated using the user’s identity (email address), assuming that you are accessing your server via SSH. You can consider using Cloudflare Access to do that.

https://developers.cloudflare.com/cloudflare-one/tutorials/ssh


Sincerely, thank you for your answer.

Have a good day.
