Why does my IPTables changes not deny access from all IP addresses except CloudFlare’s ranges?

Posted August 8, 2020 97

Hi. I am running apache on ubuntu 18.04. I used IPtables to deny access from all IP addressed except CloudFlare’s ranges and when I run iptables -L –line-number I get

1 ACCEPT tcp – 131.0.72.0/22 anywhere multiport dports http,https
2 ACCEPT tcp – 172.64.0.0/13 anywhere multiport dports http,https
3 ACCEPT tcp – 104.16.0.0/12 anywhere multiport dports http,https
4 ACCEPT tcp – 162.158.0.0/15 anywhere multiport dports http,https
5 ACCEPT tcp – 198.41.128.0/17 anywhere multiport dports http,https
6 ACCEPT tcp – 197.234.240.0/22 anywhere multiport dports http,https
7 ACCEPT tcp – 188.114.96.0/20 anywhere multiport dports http,https
8 ACCEPT tcp – 190.93.240.0/20 anywhere multiport dports http,https
9 ACCEPT tcp – 108.162.192.0/18 anywhere multiport dports http,https
10 ACCEPT tcp – 141.101.64.0/18 anywhere multiport dports http,https
11 ACCEPT tcp – 103.31.4.0/22 anywhere multiport dports http,https
12 ACCEPT tcp – 103.22.200.0/22 anywhere multiport dports http,https
13 ACCEPT tcp – 103.21.244.0/22 anywhere multiport dports http,https
14 ACCEPT tcp – 173.245.48.0/20 anywhere multiport dports http,https
15 ufw-before-logging-input all – anywhere anywhere
16 ufw-before-input all – anywhere anywhere
17 ufw-after-input all – anywhere anywhere
18 ufw-after-logging-input all – anywhere anywhere
19 ufw-reject-input all – anywhere anywhere
20 ufw-track-input all – anywhere anywhere
21 DROP tcp – anywhere anywhere multiport dports http,https

The exact command I ran was:

sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 173.245.48.0/20 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 103.21.244.0/22 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 103.22.200.0/22 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 103.31.4.0/22 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 141.101.64.0/18 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 108.162.192.0/18 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 190.93.240.0/20 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 188.114.96.0/20 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 197.234.240.0/22 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 198.41.128.0/17 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 162.158.0.0/15 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 104.16.0.0/12 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 172.64.0.0/13 -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport –dports http,https -s 131.0.72.0/22 -j ACCEPT

sudo iptables -A INPUT -p tcp -m multiport –dports http,https -j DROP

Why am I still able to access the website from direct Digitalocean droplet IP address? Thanks

Add a comment

By:

johnaraon

Add a comment

Related

Question

Why does my IPTables changes not deny access from all IP addresses except CloudFlare’s ranges?

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Why does my IPTables changes not deny access from all IP addresses except CloudFlare’s ranges?

Leave a comment

Related

question

Why does my IPTables changes not deny access from all IP addresses except CloudFlare’s ranges?

question

GUI for MongoDB needed to mange Meteor app

question

Why are snapshots so slow

question

Connect to DB installed into dedicated VPS (private networking)

Looking for something else?