How to really use Cloudflare for web servers (Geo Blocking)

Hi there, we're going to see how we can really use Cloudflare + pfSense to protect our server.

As you already know, when we put our web servers behind Cloudflare, our servers should only respond to the Cloudflare IP address ranges. To achieve this we have several options, such as iptables (on the host) and so on.

But today we're going to see how to do it one layer up, at the network level.

We need the pfBlockerNG package to create an alias based on the Cloudflare IP addresses.

So just go ahead and install it :)

Now we're going to configure pfBlockerNG:

Remember to enable it :D

Next, go to the IPv4 tab and create a new record for the Cloudflare IP addresses:

Cloudflare IP addresses alias

Now you need to press the Update button so that the alias is created:

The alias has now been created.

We can now create our rules based on the Cloudflare IP addresses:

Go to Rules / Floating and create them as below.

general look of the rules

Here is a look inside the rules:

Allow Cloudflare
Deny others :)

Hint: you may want to do this only for specific ports such as 80, 443 and so on.
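To confirm that the allow/deny pair is doing its job, the web server's access log can be checked for peers outside the Cloudflare ranges. The script below is an added example, not part of the original post; it assumes the log's first field is the real TCP peer (not a value restored from a Cloudflare header), and the CIDR list and log lines in it are an illustrative subset and constructed samples.

```python
import ipaddress

# Illustrative subset of Cloudflare's published IPv4 ranges (assumption: may be
# stale). In practice load the current list from https://www.cloudflare.com/ips-v4.
CLOUDFLARE_V4 = """
173.245.48.0/20
103.21.244.0/22
104.16.0.0/13
172.64.0.0/13
162.158.0.0/15
"""

# Constructed access-log lines; the first field is the TCP peer address.
SAMPLE_LOG = """\
172.68.10.5 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
198.51.100.23 - - [01/Jan/2024:10:00:03 +0000] "GET /admin HTTP/1.1" 404 153
104.18.2.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.html HTTP/1.1" 200 2048
not-an-ip - - [01/Jan/2024:10:00:09 +0000] "GET / HTTP/1.1" 400 0
203.0.113.77 - - [01/Jan/2024:10:00:12 +0000] "GET / HTTP/1.1" 200 512
"""


def load_networks(text):
    """Parse one CIDR per line, skipping blanks and '#' comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ipaddress.ip_network(ln) for ln in lines if ln and not ln.startswith("#")]


def direct_hits(log_text, networks):
    """Return (line_number, peer) for requests whose peer is outside the networks."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        try:
            peer = ipaddress.ip_address(fields[0])
        except ValueError:
            hits.append((number, fields[0]))  # unparsable peer: surface it, don't hide it
            continue
        if not any(peer in net for net in networks):
            hits.append((number, str(peer)))
    return hits


if __name__ == "__main__":
    for number, peer in direct_hits(SAMPLE_LOG, load_networks(CLOUDFLARE_V4)):
        print(f"line {number}: peer {peer} is not in the Cloudflare ranges")
```

Any hit in a log written after the floating rules went live means traffic is still reaching the server around Cloudflare, for example through another interface or a rule that matches too early.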

We could follow the same steps to block IP addresses based on geography, or to allow only specific countries to access our servers.

I hope you like it, thanks for reading.