Firewall rules to whitelist Cloudflare IP addresses on ports 80 and 443 (based on confd-firewall).

Background

This image lets firewall rules be managed by a Docker container that blocks traffic to the public interface from non-whitelisted addresses. The iptables rules are added to the mangle table.

Environment Variables

  • FW_DISABLE - If set to 1, disables the firewall (removes the firewall rules from the mangle table)
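The mechanism described under Background and the FW_DISABLE teardown, as an added example that is not part of this project's code: a POSIX shell script that generates an iptables-restore fragment for the mangle table from a whitelist, plus the matching teardown commands. The interface name eth0, the chain name CF_WHITELIST and the two CIDRs are constructed placeholders, not Cloudflare's published ranges; fetching the real list is left to the image.

```shell
#!/bin/sh
# Added example: emit mangle-table rules that let only whitelisted ranges reach
# TCP 80/443 on the public interface, and the commands that undo them.

# Constructed sample list standing in for the Cloudflare IPv4 ranges the image
# fetches; replace with the real published list when applying on a host.
SAMPLE_CIDRS="198.51.100.0/24
203.0.113.0/24"

# build_rules IFACE CIDRS -> prints an iptables-restore fragment for the mangle table.
# Web traffic on IFACE is diverted into CF_WHITELIST; each allowed range RETURNs
# to normal processing, everything else is dropped before it reaches the filter table.
build_rules() {
  iface="$1"
  cidrs="$2"
  printf '%s\n' '*mangle'
  printf '%s\n' ':CF_WHITELIST - [0:0]'
  printf '%s\n' "-A PREROUTING -i $iface -p tcp -m multiport --dports 80,443 -j CF_WHITELIST"
  for cidr in $cidrs; do
    printf '%s\n' "-A CF_WHITELIST -s $cidr -j RETURN"
  done
  printf '%s\n' '-A CF_WHITELIST -j DROP'
  printf '%s\n' 'COMMIT'
}

# count_allow_rules CIDRS -> number of RETURN rules emitted, a sanity check that
# every range in the list made it into the chain.
count_allow_rules() {
  build_rules eth0 "$1" | grep -c -e '-j RETURN'
}

# disable_rules IFACE -> the teardown FW_DISABLE=1 stands for: detach the jump,
# flush the chain, then delete it (order matters, a referenced chain cannot be deleted).
disable_rules() {
  iface="$1"
  printf '%s\n' "iptables -t mangle -D PREROUTING -i $iface -p tcp -m multiport --dports 80,443 -j CF_WHITELIST"
  printf '%s\n' 'iptables -t mangle -F CF_WHITELIST'
  printf '%s\n' 'iptables -t mangle -X CF_WHITELIST'
}

# Print the generated ruleset; on a host it would be piped into
# "sudo iptables-restore --noflush" so existing mangle rules are kept.
build_rules eth0 "$SAMPLE_CIDRS"
```

Inspect the result the same way the README suggests, with iptables-save -t mangle, to confirm the chain, the jump and the final DROP are present.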

Usage

Run with:

$ docker run -d --name docker-cloudflare-firewall --restart=always --cap-add=NET_ADMIN --net=host virtusai/docker-cloudflare-firewall

Or with docker-compose.yml:

version: '2'
services:
  firewall:
    restart: always
    image: virtusai/docker-cloudflare-firewall
    container_name: docker-cloudflare-firewall
    cap_add:
      - NET_ADMIN
    network_mode: host

List affected rules:

Raw

$ sudo iptables-save -t mangle

Formatted

$ sudo iptables -L -n -v -t mangle

To persist the firewall rules across reboots, just run the container with the --restart=always option so the rules are re-applied whenever the container is restarted.

Credits