No Cloudflare please

From Kromonos, 7 Months ago, written in Bash.
URL https://paste.bka.li/view/06d38093
Embed
Download Paste or View Raw
  1. #!/bin/bash
  2. # Create new chains
  3. iptables -N cloudflare-incoming
  4. iptables -N cloudflare-outgoing
  5. ip6tables -N cloudflare-incoming
  6. ip6tables -N cloudflare-outgoing
  7.  
  8. # IPv4
  9. iptables -I cloudflare-incoming -s 173.245.48.0/20 -j DROP
  10. iptables -I cloudflare-incoming -s 103.21.244.0/22 -j DROP
  11. iptables -I cloudflare-incoming -s 103.22.200.0/22 -j DROP
  12. iptables -I cloudflare-incoming -s 103.31.4.0/22 -j DROP
  13. iptables -I cloudflare-incoming -s 141.101.64.0/18 -j DROP
  14. iptables -I cloudflare-incoming -s 108.162.192.0/18 -j DROP
  15. iptables -I cloudflare-incoming -s 190.93.240.0/20 -j DROP
  16. iptables -I cloudflare-incoming -s 188.114.96.0/20 -j DROP
  17. iptables -I cloudflare-incoming -s 197.234.240.0/22 -j DROP
  18. iptables -I cloudflare-incoming -s 198.41.128.0/17 -j DROP
  19. iptables -I cloudflare-incoming -s 162.158.0.0/15 -j DROP
  20. iptables -I cloudflare-incoming -s 104.16.0.0/12 -j DROP
  21. iptables -I cloudflare-incoming -s 172.64.0.0/13 -j DROP
  22. iptables -I cloudflare-incoming -s 131.0.72.0/22 -j DROP
  23. iptables -I cloudflare-outgoing -d 173.245.48.0/20 -j DROP
  24. iptables -I cloudflare-outgoing -d 103.21.244.0/22 -j DROP
  25. iptables -I cloudflare-outgoing -d 103.22.200.0/22 -j DROP
  26. iptables -I cloudflare-outgoing -d 103.31.4.0/22 -j DROP
  27. iptables -I cloudflare-outgoing -d 141.101.64.0/18 -j DROP
  28. iptables -I cloudflare-outgoing -d 108.162.192.0/18 -j DROP
  29. iptables -I cloudflare-outgoing -d 190.93.240.0/20 -j DROP
  30. iptables -I cloudflare-outgoing -d 188.114.96.0/20 -j DROP
  31. iptables -I cloudflare-outgoing -d 197.234.240.0/22 -j DROP
  32. iptables -I cloudflare-outgoing -d 198.41.128.0/17 -j DROP
  33. iptables -I cloudflare-outgoing -d 162.158.0.0/15 -j DROP
  34. iptables -I cloudflare-outgoing -d 104.16.0.0/12 -j DROP
  35. iptables -I cloudflare-outgoing -d 172.64.0.0/13 -j DROP
  36. iptables -I cloudflare-outgoing -d 131.0.72.0/22 -j DROP
  37.  
  38. # IPv6
  39. ip6tables -I cloudflare-incoming -s 2400:cb00::/32 -j DROP
  40. ip6tables -I cloudflare-incoming -s 2606:4700::/32 -j DROP
  41. ip6tables -I cloudflare-incoming -s 2803:f800::/32 -j DROP
  42. ip6tables -I cloudflare-incoming -s 2405:b500::/32 -j DROP
  43. ip6tables -I cloudflare-incoming -s 2405:8100::/32 -j DROP
  44. ip6tables -I cloudflare-incoming -s 2a06:98c0::/29 -j DROP
  45. ip6tables -I cloudflare-incoming -s 2c0f:f248::/32 -j DROP
  46. ip6tables -I cloudflare-outgoing -d 2400:cb00::/32 -j DROP
  47. ip6tables -I cloudflare-outgoing -d 2606:4700::/32 -j DROP
  48. ip6tables -I cloudflare-outgoing -d 2803:f800::/32 -j DROP
  49. ip6tables -I cloudflare-outgoing -d 2405:b500::/32 -j DROP
  50. ip6tables -I cloudflare-outgoing -d 2405:8100::/32 -j DROP
  51. ip6tables -I cloudflare-outgoing -d 2a06:98c0::/29 -j DROP
  52. ip6tables -I cloudflare-outgoing -d 2c0f:f248::/32 -j DROP
  53.  
  54. # Whitelist GitLab.com. But only one way
  55. iptables -I cloudflare-outgoing -d 172.65.251.78 -j ACCEPT
  56. ip6tables -I cloudflare-outgoing -d 2606:4700:90:0:f22e:fbec:5bed:a9b9 -j ACCEPT
  57.  
  58. iptables -A cloudflare-incoming -j RETURN
  59. iptables -A cloudflare-outgoing -j RETURN
  60. iptables -I INPUT -j cloudflare-incoming
  61. iptables -I OUTPUT -j cloudflare-outgoing
  62.