pfSense rule to limit incoming connections to Cloudflare
pfSense for Cloudflare services on the perimeter
Cloudflare Access Policies: it’s strongly recommended to restrict connections to the origin so that only Cloudflare IPs are allowed.
Alias
pfSense allows you to use an alias (as part of the pf functions):
% pfctl -sr | grep cflare
pass in quick on em0 reply-to (em0 144.76.Y.X) inet proto tcp from <cflarev4> to 192.168.1.XXX port = http flags S/SA keep state label "USER_RULE: NAT http"
This alias will pull in a list of IPv4 addresses:
Define an alias with pfSense that pulls in a list of Cloudflare’s network IPs
NAT with IP restriction
The alias cflarev4 (or similar) can be used for the Source Address field, for example when defining NAT rules.
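To check that no other rule bypasses the restriction, the following added example (not part of the original page) reads `pfctl -sr` output and lists every "pass in" rule on the WAN interface that reaches http/https from a source other than the alias. It assumes the table name cflarev4 and interface em0 from the rule shown above; the function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag "pass in" rules that expose web ports on the WAN to
# sources other than the Cloudflare alias. Reads `pfctl -sr` output on stdin.
# Assumptions: table name cflarev4 and interface em0, as in the rule above.

audit_web_rules() {
    table="${1:-cflarev4}"
    iface="${2:-em0}"
    awk -v table="<$table>" -v iface="$iface" '
        $1 == "pass" && $2 == "in" {
            on = src = dport = ""; seen_to = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "label") break               # label text is free-form
                if ($i == "on" && on == "")    on = $(i + 1)
                if ($i == "from" && src == "") src = $(i + 1)
                if ($i == "to")                seen_to = 1
                # only the port after "to" is the destination port
                if ($i == "port" && seen_to && $(i + 1) == "=") dport = $(i + 2)
            }
            if (on == iface && dport ~ /^(http|https|80|443)$/ && src != table) {
                print; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample ruleset (documentation addresses, not from a real firewall).
sample_rules() {
    cat <<'EOF'
pass in quick on em0 reply-to (em0 192.0.2.1) inet proto tcp from <cflarev4> to 192.168.1.10 port = http flags S/SA keep state label "USER_RULE: NAT http"
pass in quick on em0 reply-to (em0 192.0.2.1) inet proto tcp from any to 192.168.1.10 port = https flags S/SA keep state label "USER_RULE: NAT https"
pass in quick on em1 inet proto tcp from any to 192.168.1.10 port = http flags S/SA keep state label "USER_RULE: LAN http"
block drop in log quick on em0 inet proto tcp from any to 192.168.1.10 port = http label "USER_RULE: block direct"
EOF
}

# Demo on the sample; on the firewall use:  pfctl -sr | audit_web_rules cflarev4 em0
sample_rules | audit_web_rules cflarev4 em0 ||
    echo "^ web rule(s) on em0 accept sources outside <cflarev4>"
```

The function exits non-zero when it prints at least one rule, so it can be used as a check after rule changes.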