Firewall rules to whitelist Cloudflare IP addresses on ports 80 and 443 (based on confd-firewall).
This image manages firewall rules from a Docker container: traffic reaching the public interface on ports 80 and 443 from non-whitelisted addresses is blocked. The iptables rules are added to the mangle table.
- FW_DISABLE - If set to 1, disables the firewall (removes the rules from the mangle table)
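To make the mangle-table whitelist concrete, here is an added example (not the image's own script) that generates, but does not apply, rules allowing TCP 80/443 only from a list of CIDR ranges. The chain name CF_WHITELIST, the rule layout and the three sample ranges are assumptions; in use, the list would be replaced by the ranges Cloudflare publishes.

```shell
#!/bin/sh
# Emits iptables/ip6tables commands for review instead of running them.
# Constructed sample ranges (not Cloudflare's real list):
SAMPLE_RANGES="103.21.244.0/22
173.245.48.0/20
2400:cb00::/32"

# gen_rules <iptables-binary> <newline-separated CIDRs>
# Prints one command per line so the rule set can be inspected before use.
gen_rules() {
  ipt="$1"
  ranges="$2"
  # A dedicated chain keeps the whitelist apart from other mangle rules;
  # -N fails if the chain already exists, so the flush follows unconditionally.
  echo "$ipt -t mangle -N CF_WHITELIST 2>/dev/null || true"
  echo "$ipt -t mangle -F CF_WHITELIST"
  echo "$ranges" | while read -r cidr; do
    [ -n "$cidr" ] || continue
    # RETURN hands whitelisted sources back to PREROUTING untouched.
    echo "$ipt -t mangle -A CF_WHITELIST -s $cidr -j RETURN"
  done
  # Anything reaching the end of the chain matched no whitelisted range.
  echo "$ipt -t mangle -A CF_WHITELIST -j DROP"
  # Only the web ports are diverted into the chain; other services are untouched.
  echo "$ipt -t mangle -A PREROUTING -p tcp -m multiport --dports 80,443 -j CF_WHITELIST"
}

# IPv4 and IPv6 ranges go to separate binaries, since each keeps its own tables.
gen_all() {
  v4=$(echo "$SAMPLE_RANGES" | grep -v ':')
  v6=$(echo "$SAMPLE_RANGES" | grep ':')
  gen_rules iptables "$v4"
  gen_rules ip6tables "$v6"
}

# Teardown mirrors the FW_DISABLE=1 behaviour: unhook the chain, flush, delete.
gen_teardown() {
  for ipt in iptables ip6tables; do
    echo "$ipt -t mangle -D PREROUTING -p tcp -m multiport --dports 80,443 -j CF_WHITELIST"
    echo "$ipt -t mangle -F CF_WHITELIST"
    echo "$ipt -t mangle -X CF_WHITELIST"
  done
}

if [ "${FW_DISABLE:-0}" = "1" ]; then gen_teardown; else gen_all; fi
```

Pipe the output into `sh` only after reviewing it; running it on a host whose SSH or other services share the same interface is safe because only ports 80 and 443 are matched.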
Run with:
$ docker run -d --name docker-cloudflare-firewall --restart=always --cap-add=NET_ADMIN --net=host virtusai/docker-cloudflare-firewall
Or with docker-compose.yml:
version: '2'
services:
  firewall:
    restart: always
    image: virtusai/docker-cloudflare-firewall
    container_name: docker-cloudflare-firewall
    cap_add:
      - NET_ADMIN
    network_mode: host
List affected rules:
Raw
$ sudo iptables-save -t mangle
Formatted
$ sudo iptables -L -n -v -t mangle
iptables rules are not retained across a reboot. To have them re-applied automatically, run the container with the --restart=always option (as in the examples above) so that it is restarted together with the Docker daemon.