Allow Access to Traefik Running in Docker from Cloudflare IPs Using firewalld
In previous posts, I explained how I set up firewalld as the firewall for my server. I experimented with using traefik as my reverse proxy. This is how I allow only Cloudflare IPs to access traefik on port 80 running in Docker.
curl -fsSL https://www.cloudflare.com/ips-v4 > .ips-v4  # -f: fail on an HTTP error instead of saving the error page
curl -fsSL https://www.cloudflare.com/ips-v6 > .ips-v6
firewall-cmd --permanent --new-zone=cloudflare
firewall-cmd --reload  # load the new zone before adding sources to it
for i in $(cat .ips-v4); do firewall-cmd --permanent --zone=cloudflare --add-source="$i"; done
for i in $(cat .ips-v6); do firewall-cmd --permanent --zone=cloudflare --add-source="$i"; done
firewall-cmd --permanent --zone=cloudflare --add-port=80/tcp
firewall-cmd --reload  # apply the permanent rules to the running firewall
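Cloudflare's published ranges can change, and the loops above add sources but never remove old ones or check what was downloaded. The following is an added example, not part of the original post: a dry-run helper that rejects a list containing anything other than CIDR blocks and prints the firewall-cmd calls needed to bring the zone in line with it. The function names `is_cidr` and `plan_sync` and the sample ranges are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). POSIX sh, no firewall access needed.

# Succeed if $1 looks like an IPv4 or IPv6 CIDR block (a sanity check, not a full parser).
is_cidr() {
    printf '%s\n' "$1" | grep -Eq \
'^(([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])|[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]))$'
}

# plan_sync ZONE "CURRENT SOURCES" < downloaded-list
# CURRENT SOURCES is the space-separated output of:
#   firewall-cmd --permanent --zone=ZONE --list-sources
# Prints the commands to run; prints nothing and returns 1 if the list is
# empty or has a non-CIDR line (e.g. an HTML error page was saved).
plan_sync() {
    zone=$1 current=$2 want=
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')      # tolerate CRLF line endings
        [ -n "$line" ] || continue
        is_cidr "$line" || { echo "list rejected, bad entry: $line" >&2; return 1; }
        want="$want $line"
    done
    [ -n "$want" ] || { echo "list rejected, it is empty" >&2; return 1; }
    for src in $want; do                              # ranges missing from the zone
        case " $current " in *" $src "*) ;;
            *) echo "firewall-cmd --permanent --zone=$zone --add-source=$src" ;;
        esac
    done
    for src in $current; do                           # stale ranges still in the zone
        case "$want " in *" $src "*) ;;
            *) echo "firewall-cmd --permanent --zone=$zone --remove-source=$src" ;;
        esac
    done
}

# Constructed sample data: documentation ranges, not Cloudflare's real list.
sample_list='192.0.2.0/24
198.51.100.0/24
2001:db8::/32'
sample_current='192.0.2.0/24 203.0.113.0/24'
printf '%s\n' "$sample_list" | plan_sync cloudflare "$sample_current"
```

On the server, feed it the downloaded files (`cat .ips-v4 .ips-v6 | plan_sync cloudflare "$(firewall-cmd --permanent --zone=cloudflare --list-sources)"`), review the printed commands, run them, and finish with `firewall-cmd --reload`.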