A self-contained hardening script for Debian/Ubuntu/windows servers that only allows HTTP(S) traffic from Cloudflare's official IP ranges. It fetches Cloudflare's latest CIDR lists, writes nftables sets, and keeps the configuration transactional so you can safely apply, update, or roll back with a single command.
cdn cloudflare authenticated access-control cloudflare-security authenticated-origin-pulls origin-security securityfirewall
-
Updated
Jan 28, 2026 - Shell