1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
table inet filter { # https://www.cloudflare.com/ips-v4
set cloudflare_ipv4 {
type ipv4_addr
flags interval
elements = {
173.245.48.0/20,
103.21.244.0/22,
103.22.200.0/22,
103.31.4.0/22,
141.101.64.0/18,
108.162.192.0/18,
190.93.240.0/20,
188.114.96.0/20,
197.234.240.0/22,
198.41.128.0/17,
162.158.0.0/15,
104.16.0.0/13,
104.24.0.0/14,
172.64.0.0/13,
131.0.72.0/22
}
}
# https://www.cloudflare.com/ips-v6
set cloudflare_ipv6 {
type ipv6_addr
flags interval
elements = {
2400:cb00::/32,
2606:4700::/32,
2803:f800::/32,
2405:b500::/32,
2405:8100::/32,
2a06:98c0::/29,
2c0f:f248::/32
}
}
chain output {
type filter hook output priority 0
policy accept
ip daddr @cloudflare_ipv4 counter reject
ip6 daddr @cloudflare_ipv6 counter reject
}
chain input {
type filter hook output priority 0
policy accept
ip saddr @cloudflare_ipv4 counter reject
ip6 saddr @cloudflare_ipv6 counter reject
}
}
|
