{"id":448,"date":"2021-09-12T01:45:00","date_gmt":"2021-09-12T01:45:00","guid":{"rendered":"https:\/\/262235.xyz\/?p=448"},"modified":"2021-09-12T01:45:00","modified_gmt":"2021-09-12T01:45:00","slug":"448","status":"publish","type":"post","link":"https:\/\/lyvba.com\/index.php\/2021\/09\/12\/448\/","title":{"rendered":"Cloudflare \u7684\u5de5\u4f5c\u539f\u7406\u548c iptables \u8bbe\u7f6e\u767d\u540d\u5355\u53ea\u5141\u8bb8\u8bbf\u95ee"},"content":{"rendered":"<h2>\u6982\u8ff0 <a href=\"https:\/\/support.cloudflare.com\/hc\/zh-cn\/articles\/201897700\">\u539f\u6587<\/a><\/h2>\n<p>\u9664\u4e86\u5185\u5bb9\u4ea4\u4ed8\u7f51\u7edc (CDN) \u670d\u52a1\uff0c\u5ba2\u6237\u8fd8\u4f9d\u8d56 Cloudflare \u7684\u5168\u5c40\u7f51\u7edc\u6765\u589e\u5f3a\u5b89\u5168\u6027\u3001\u6027\u80fd\uff0c\u4ee5\u53ca\u8fde\u63a5\u5230 Internet \u7684\u6240\u6709\u5185\u5bb9\u7684\u53ef\u9760\u6027\u3002<br \/>Cloudflare \u7684\u8bbe\u7f6e\u975e\u5e38\u7b80\u5355\u3002\u65e0\u8bba\u4ed6\u4eec\u9009\u62e9\u54ea\u4e2a\u5e73\u53f0\uff0c\u4efb\u4f55\u62e5\u6709\u7f51\u7ad9\u548c\u81ea\u5df1\u57df\u540d\u7684\u4eba\u90fd\u53ef\u4ee5\u4f7f\u7528 Cloudflare\u3002Cloudflare \u4e0d\u8981\u6c42\u5b89\u88c5\u989d\u5916\u7684\u786c\u4ef6\u6216\u8f6f\u4ef6\uff0c\u4e5f\u65e0\u9700\u66f4\u6539\u60a8\u7684\u4ee3\u7801\u3002<br \/><img decoding=\"async\" src=\"https:\/\/lyvba.com\/wp-content\/uploads\/2021\/09\/682309706.png\" alt=\"What is Cloudflare_v7.png\" title=\"What is Cloudflare_v7.png\"><\/p>\n<h2>\u5b89\u5168\u6027<\/h2>\n<p>Cloudflare \u53ef\u5728\u6076\u610f\u6d41\u91cf\u5230\u8fbe\u60a8\u7684\u6e90 Web \u670d\u52a1\u5668\u524d\u5c06\u5176\u963b\u6b62\u3002Cloudflare \u53ef\u57fa\u4e8e\u4ee5\u4e0b\u7279\u5f81\uff0c\u5206\u6790\u8bbf\u95ee\u8005\u8bf7\u6c42\u4e2d\u5b58\u5728\u7684\u6f5c\u5728\u5a01\u80c1\uff1a<\/p>\n<ul>\n<li>\u8bbf\u95ee\u8005\u7684 IP 
\u5730\u5740\uff0c<\/li>\n<li>\u8bf7\u6c42\u7684\u8d44\u6e90\uff0c<\/li>\n<li>\u8bf7\u6c42\u8d1f\u8f7d\u548c\u9891\u7387\uff0c\u4ee5\u53ca<\/li>\n<li>\u5ba2\u6237\u5b9a\u4e49\u7684\u9632\u706b\u5899\u89c4\u5219\u3002<br \/>\u901a\u8fc7\u67e5\u627e DNS \u6216 ping \u4ee3\u7406\u7684 Cloudflare \u5b50\u57df\uff0c\u8fd4\u56de Cloudflare IP \u5730\u5740\u3002  Cloudflare \u9488\u5bf9\u4ee3\u7406\uff08\u663e\u793a\u6a59\u8272\u4e91\uff09\u7684 DNS \u8bb0\u5f55\u5c4f\u853d\u60a8\u7684\u6e90 IP \u5730\u5740\uff0c\u8ba9\u653b\u51fb\u8005\u65e0\u6cd5\u7ed5\u8fc7 Cloudflare \u6765\u76f4\u63a5\u653b\u51fb\u60a8\u7684\u6e90 Web \u670d\u52a1\u5668\u3002<\/li>\n<\/ul>\n<h2>\u6027\u80fd<\/h2>\n<p>Cloudflare \u4e3a\u60a8\u7684\u8bbf\u95ee\u8005\u4f18\u5316\u7f51\u7ad9\u8d44\u6e90\u4ea4\u4ed8\u3002Cloudflare \u6570\u636e\u4e2d\u5fc3\u4e3a\u60a8\u7f51\u7ad9\u4e0a\u7684\u9759\u6001\u8d44\u6e90\u63d0\u4f9b\u670d\u52a1\uff0c\u5e76\u5411\u60a8\u7684\u6e90 Web \u670d\u52a1\u5668\u8bf7\u6c42\u52a8\u6001\u5185\u5bb9\u3002\u4e0e\u76f4\u63a5\u8bf7\u6c42\u60a8\u7684\u7ad9\u70b9\u76f8\u6bd4\uff0c\u901a\u8fc7 Cloudflare \u7684\u5168\u7403\u7f51\u7edc\uff0c\u60a8\u7684\u7ad9\u70b9\u8bbf\u95ee\u8005\u53ef\u4ee5\u901a\u8fc7\u66f4\u5feb\u6377\u7684\u8def\u7ebf\u8bbf\u95ee\u7f51\u7ad9\u3002\u5373\u4f7f\u60a8\u7684\u7f51\u7ad9\u4e0e\u8bbf\u95ee\u8005\u4e4b\u95f4\u5b58\u5728 Cloudflare\uff0c\u6d41\u91cf\u4ecd\u4f1a\u66f4\u5feb\u5730\u4f20\u9001\u7ed9\u60a8\u7684\u8bbf\u95ee\u8005\u3002<\/p>\n<h2>\u53ef\u9760\u6027<\/h2>\n<p>Cloudflare \u7684\u5168\u7403\u5206\u5e03\u5f0f Anycast \u7f51\u7edc\u53ef\u5c06\u8bbf\u95ee\u8005\u7684\u8bf7\u6c42\u8def\u7531\u5230\u6700\u8fd1\u7684 Cloudflare \u6570\u636e\u4e2d\u5fc3\u3002  \u9488\u5bf9\u60a8\u4ee3\u7406\u5230 Cloudflare \u7684\u6d41\u91cf\uff0cCloudflare \u5206\u5e03\u5f0f DNS \u5bf9\u4f7f\u7528\u76f8\u5e94 Cloudflare IP \u5730\u5740\u7684\u7f51\u7ad9\u8bbf\u95ee\u8005\u4f5c\u51fa\u54cd\u5e94\u3002  
\u6b64\u5916\uff0c\u8fd8\u53ef\u4ee5\u901a\u8fc7\u9690\u85cf\u60a8\u7684\u6e90 Web \u670d\u52a1\u5668\u7684\u7279\u5b9a IP \u5730\u5740\uff0c\u6765\u4fdd\u8bc1\u5b89\u5168\u6027\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/lyvba.com\/wp-content\/uploads\/2021\/09\/2674175537.webp\" alt=\"1.webp\" title=\"1.webp\"><\/p>\n<h2>\u5141\u8bb8 <a href=\"https:\/\/www.cloudflare.com\/ips\/\">Cloudflare IP \u5730\u5740<\/a><\/h2>\n<p>\u8981\u8ba9 Cloudflare \u5c06\u8bbf\u95ee\u8005\u8bf7\u6c42\u53d1\u9001\u5230\u60a8\u7684\u6e90 Web \u670d\u52a1\u5668\uff0c\u8bf7\u5728\u6e90 Web \u670d\u52a1\u5668\u4e0a\u5141\u8bb8 Cloudflare IP \u5730\u5740\u3002<br \/>\u53e6\u5916\uff0c\u8bf7\u53c2\u9605\u6587\u6863\u6765\u67e5\u770b\u4f7f\u7528 <a href=\"https:\/\/httpd.apache.org\/docs\/trunk\/mod\/mod_authz_core.html#require\">.htaccess<\/a> \u6216 <a href=\"https:\/\/www.linode.com\/docs\/security\/firewalls\/control-network-traffic-with-iptables\/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall\">iptables<\/a> \u5141\u8bb8 IP \u5730\u5740\u7684\u6f14\u793a\u3002\u4ee5\u4e0b\u793a\u4f8b\u5c55\u793a\u4e86\u5141\u8bb8 Cloudflare IP \u5730\u5740\u8303\u56f4\u7684 iptables \u89c4\u5219\u683c\u5f0f\u3002\u5c06\u4e0b\u65b9\u7684 $ip \u66ff\u6362\u4e3a\u4e00\u4e2a Cloudflare IP \u5730\u5740\u8303\u56f4\u3002<\/p>\n<pre><code># IPv4 \u5730\u5740\u8303\u56f4\uff1a\niptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT\n\n# IPv6 \u5730\u5740\u8303\u56f4\uff1a\nip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT<\/code><\/pre>\n<h2>\u4f5c\u4e3a\u5b66\u4e60\uff0c\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u6765\u6d4b\u8bd5\uff1b\u89c4\u5219\u672a\u4fdd\u5b58\uff0c\u628a\u81ea\u5df1\u5173\u5728\u95e8\u5916\u4e5f\u53ef\u4ee5\u901a\u8fc7\u91cd\u542f\u7cfb\u7edf\u6765\u89e3\u51b3<\/h2>\n<ul>\n<li>\n<p>\u6dfb\u52a0cloudflare ips-v4\u5230 iptables \u767d\u540d\u5355\u7684\u547d\u4ee4<\/p>\n<pre><code>for i in $(curl https:\/\/www.cloudflare.com\/ips-v4);\n  do iptables -I 
INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT;\ndone<\/code><\/pre>\n<\/li>\n<li>\n<p>\u6dfb\u52a0cloudflare ips-v6\u5230 iptables \u767d\u540d\u5355\u7684\u547d\u4ee4<\/p>\n<pre><code>for i in $(curl https:\/\/www.cloudflare.com\/ips-v6);\n  do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT;\ndone<\/code><\/pre>\n<\/li>\n<li>\n<p>\u4e22\u5f03\u767d\u540d\u5355\u4ee5\u5916\u7684 ipv4 80,443 tcp \u5305<\/p>\n<pre><code>iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP<\/code><\/pre>\n<\/li>\n<li>\n<p>\u4e22\u5f03\u767d\u540d\u5355\u4ee5\u5916\u7684 ipv6 80,443 tcp \u5305<\/p>\n<pre><code>ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP<\/code><\/pre>\n<h3>\u5982\u679c\u4f60\u6709\u66f4\u591a\u9700\u6c42,\u8bf7\u53c2\u8003\u4e0b\u9762\u6587\u7ae0<\/h3>\n<\/li>\n<li><a href=\"https:\/\/www.lyvba.com\/index.php\/tag\/iptables\/\">https:\/\/www.lyvba.com\/index.php\/tag\/iptables\/<\/a><\/li>\n<li><a href=\"https:\/\/support.cloudflare.com\/hc\/zh-cn\/articles\/201897700\">https:\/\/support.cloudflare.com\/hc\/zh-cn\/articles\/201897700<\/a><\/li>\n<li><a href=\"https:\/\/www.linode.com\/docs\/security\/firewalls\/control-network-traffic-with-iptables\/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall\">https:\/\/www.linode.com\/docs\/security\/firewalls\/control-network-traffic-with-iptables\/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8ff0 \u539f\u6587 \u9664\u4e86\u5185\u5bb9\u4ea4\u4ed8\u7f51\u7edc (CDN) \u670d\u52a1\uff0c\u5ba2\u6237\u8fd8\u4f9d\u8d56 Cloudflare \u7684\u5168\u5c40\u7f51\u7edc\u6765\u589e\u5f3a\u5b89 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[47],"class_list":["post-448","post","type-post","status-publish","format-standard","hentry","category-vps","tag-iptables"],"_links":{"self":[{"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/posts\/448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/comments?post=448"}],"version-history":[{"count":0,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/posts\/448\/revisions"}],"wp:attachment":[{"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/media?parent=448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/categories?post=448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/tags?post=448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}