Hello guys, I want to port forward nginx ports to WAN but only allow Cloudflare IPs while dropping others so my ports can stay stealth. Is it possible?

config rule
    option name 'Allow Cloudflare to Nginx'
    option src 'wan'
    list src_ip '103.21.244.0/22'
    list src_ip '103.22.200.0/22'
    list src_ip '103.31.4.0/22'
    list src_ip '104.16.0.0/13'
    list src_ip '104.24.0.0/14'
    list src_ip '108.162.192.0/18'
    list src_ip '131.0.72.0/22'
    list src_ip '141.101.64.0/18'
    list src_ip '162.158.0.0/15'
    list src_ip '172.64.0.0/13'
    list src_ip '173.245.48.0/20'
    list src_ip '188.114.96.0/20'
    list src_ip '190.93.240.0/20'
    list src_ip '197.234.240.0/22'
    list src_ip '198.41.128.0/17'
    option src_port '443 80'
    option dest 'lan'
    list dest_ip '192.168.0.4'
    option dest_port '443 80'
    option target 'ACCEPT'
    option enabled '0'

I want to forward ports to WAN but only certain IPs can access the forwarded ports from WAN. I'm not sure if I'm heading in the right direction. The rule probably doesn't make sense.

config redirect
    option name 'Allow Cloudflare to Nginx'
    option src 'wan'
    list src_ip '103.21.244.0/22'
    list src_ip '103.22.200.0/22'
    list src_ip '103.31.4.0/22'
    list src_ip '104.16.0.0/13'
    list src_ip '104.24.0.0/14'
    list src_ip '108.162.192.0/18'
    list src_ip '131.0.72.0/22'
    list src_ip '141.101.64.0/18'
    list src_ip '162.158.0.0/15'
    list src_ip '172.64.0.0/13'
    list src_ip '173.245.48.0/20'
    list src_ip '188.114.96.0/20'
    list src_ip '190.93.240.0/20'
    list src_ip '197.234.240.0/22'
    list src_ip '198.41.128.0/17'
    option src_dport '443 80'
    option dest 'lan'
    list dest_ip '192.168.0.4'
    option dest_port '443 80'
    option target 'ACCEPT'

Ok, this worked for me. Now my ports are stealth again, no nmap etc.

config redirect
    option target 'DNAT'
    option name 'Pi Nginx (1)'
    option src 'wan'
    option src_dport '443'
    option ipset 'cloudflare'
    option dest 'lan'
    option dest_port '443'
    option dest_ip '192.168.0.4'

config ipset
    option name 'cloudflare'
    option match 'src_net'
    option storage 'hash:ip'
    option enabled '1'
    list entry '103.21.244.0/22'
    list entry '103.22.200.0/22'
    list entry '103.31.4.0/22'
    list entry '104.16.0.0/13'
    list entry '104.24.0.0/14'
    list entry '108.162.192.0/18'
    list entry '131.0.72.0/22'
    list entry '141.101.64.0/18'
    list entry '162.158.0.0/15'
    list entry '172.64.0.0/13'
    list entry '173.245.48.0/20'
    list entry '188.114.96.0/20'
    list entry '190.93.240.0/20'
    list entry '197.234.240.0/22'
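
An added example, not part of the thread: a hard-coded allowlist like the `cloudflare` ipset above goes stale when the provider changes its ranges, so this sketch parses a firewall config in the same UCI syntax and reports ranges that are missing (legitimate proxy traffic would be dropped) or stale (addresses still admitted that the provider no longer lists). The function names, `SAMPLE_UCI` and `PUBLISHED` are hypothetical and constructed for illustration; in practice `PUBLISHED` would hold the provider's currently published list.

```python
import ipaddress
import shlex

# Constructed sample: a trimmed ipset section in the thread's UCI syntax.
SAMPLE_UCI = """
config ipset
    option name 'cloudflare'
    option match 'src_net'
    list entry '103.21.244.0/22'
    list entry '104.16.0.0/13'
    list entry '203.0.113.0/24'
"""

# Constructed stand-in for the provider's currently published ranges.
PUBLISHED = ["103.21.244.0/22", "104.16.0.0/13", "198.41.128.0/17"]

def parse_uci(text):
    """Parse UCI text into a list of {'type', 'options', 'lists'} sections."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            sections.append({"type": tok[1], "options": {}, "lists": {}})
        elif tok[0] == "option" and sections and len(tok) == 3:
            sections[-1]["options"][tok[1]] = tok[2]
        elif tok[0] == "list" and sections and len(tok) == 3:
            sections[-1]["lists"].setdefault(tok[1], []).append(tok[2])
    return sections

def ipset_networks(sections, name):
    """Return the entries of the named ipset as ip_network objects."""
    for s in sections:
        if s["type"] == "ipset" and s["options"].get("name") == name:
            return [ipaddress.ip_network(e) for e in s["lists"].get("entry", [])]
    raise KeyError(f"no ipset named {name!r}")

def drift(configured, published):
    """Return (missing, stale): published-but-not-configured and the reverse."""
    cfg = set(configured)
    pub = {ipaddress.ip_network(p) for p in published}
    return sorted(pub - cfg, key=str), sorted(cfg - pub, key=str)

def admitted(src_ip, networks):
    """True if src_ip falls inside any allowlisted network."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    nets = ipset_networks(parse_uci(SAMPLE_UCI), "cloudflare")
    missing, stale = drift(nets, PUBLISHED)
    print("missing:", [str(n) for n in missing])
    print("stale:  ", [str(n) for n in stale])
```
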