Hey, a little preamble for context on the issue I am trying to figure out; the question itself is later on, but I wanted to ensure all relevant information was included.
So I have been setting up a small web host with a couple of sites running in Docker containers and an Nginx Proxy Manager (NPM) container to manage certificates and domain port forwarding at the internal level.
Currently I have a port forward on 443 that points to the NPM container, and this is working fine.
I am also using Cloudflare for security and IP privacy.
I had trouble setting up the Cloudflare Tunnel with my specific configuration. I know I can set up a single IP or CIDR with the port forward...
However, both Asus stock firmware and Merlin only allow that one CIDR.
I want to provide a list of about 20 allowed CIDRs so that Cloudflare connections are allowed in, but if someone tries to access the server by the direct IP (say, adding the IP and domain to the hosts file)
they will not gain access, thus forcing all connections through Cloudflare.
So, with some research and, in full disclosure, some AI coding assistance for script templating, with me updating and finalizing the script,
I have a script that creates iptables rules by downloading the list of CIDRs from Cloudflare and using those.
However, after running the script, the iptables rules are generated and they appear correct...
However, I am unable to access any of the sites via domain...
But if I manually add back the port forwarding rule in the GUI with no IP restrictions... then everything starts working again.
If anyone has any insight or suggestions I would appreciate it.
I attached my current script as a .txt as I was having trouble including it in the post. I also created a firewall-start script that calls this script, and I also plan, when the script is working, to set up a cron job once every 24 hours
so that any Cloudflare IP changes are implemented automatically.
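A reduced version of that kind of script, added here as an example and not the poster's attached script: it validates a CIDR list (in practice fetched from Cloudflare's published IPv4 ranges) and prints iptables commands that drop TCP/443 traffic to the proxy host unless the source is in the list. It assumes the firmware's own 443 port forward (the DNAT) stays in place and only filters in the FORWARD chain, where the destination is already the LAN host; NPM_HOST, the chain name and the sample ranges are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's attached script. Emits iptables rules that
# allow TCP/443 to the reverse-proxy host only from a given set of CIDRs.
# Assumptions: the DNAT port forward for 443 already exists (the GUI rule), so
# only the FORWARD chain is filtered; NPM_HOST is the LAN IP behind the forward;
# the CIDR file is normally fetched from Cloudflare's published IPv4 list
# (e.g. curl -s https://www.cloudflare.com/ips-v4 > /tmp/cf4.txt).

NPM_HOST="${NPM_HOST:-192.168.1.50}"   # assumed LAN IP of the NPM host
CHAIN="CF_ONLY"                          # assumed chain name

# Keep only well-formed IPv4 CIDRs, de-duplicated. The list is downloaded,
# so a stray or malformed line must never become a rule.
valid_cidrs() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' | sort -u
}

# Print (do not apply) the iptables commands for the CIDR file in $1.
# Review the output, then pipe it into sh.
build_rules() {
    cidr_file="$1"
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    valid_cidrs < "$cidr_file" | while read -r net; do
        echo "iptables -A $CHAIN -s $net -j RETURN"
    done
    # Anything not in the list is rate-limited logged, then dropped.
    echo "iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix 'non-cf-443: '"
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in ahead of the firmware's own FORWARD accept rules;
    # the delete first keeps re-runs (cron) from stacking duplicate jumps.
    echo "iptables -D FORWARD -p tcp -d $NPM_HOST --dport 443 -j $CHAIN 2>/dev/null"
    echo "iptables -I FORWARD 1 -p tcp -d $NPM_HOST --dport 443 -j $CHAIN"
}

# Constructed sample list: two documentation ranges plus one malformed line.
sample_list() {
    printf '%s\n' '198.51.100.0/24' '203.0.113.0/24' 'not-a-cidr'
}

# Number of allow (RETURN) rules produced for the sample list: one per valid CIDR.
count_allow_rules() {
    tmp=$(mktemp); sample_list > "$tmp"
    build_rules "$tmp" | grep -c -- '-j RETURN'
    rm -f "$tmp"
}
```

Because DNAT happens in PREROUTING, by the time a packet reaches FORWARD its destination is already the LAN host, which is why the match is on `-d $NPM_HOST` rather than the WAN address.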