How to whitelist CloudFlare IP ranges within iptables rules (multiport)?

jessuppi asked:

There seem to be many different ways to setup whitelist rules within iptables.

What is the wisest way to whitelist the CloudFlare IP address ranges below via SSH?

According to their FAQ it should be done as follows:

iptables -I INPUT -p tcp -m multiport --dports http,https -s CLOUDFLARE_IP_RANGE -j ACCEPT

However, this generates the following error:

Bad argument 'http,https'

It also does not provide for OUTPUT rules, or rules to be flushed first.

My answer:

I have never seen anyone try to use service names in that argument. Try using the equivalent numeric port numbers instead:

--dports 80,443
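An added example (not from the original question or answer): a small POSIX shell script that turns a list of CIDR ranges into the iptables commands from the question, with the numeric `--dports 80,443` the answer recommends. The ranges in it are constructed placeholders from the RFC 5737 documentation networks, not CloudFlare's published list; `valid_cidr`, `cf_rules` and `count_rules` are names chosen here.

```sh
#!/bin/sh
# Constructed placeholder ranges (RFC 5737 test networks), NOT CloudFlare's
# real list. Replace with the ranges published by CloudFlare before use.
CF_RANGES_EXAMPLE="192.0.2.0/24
198.51.100.0/24
203.0.113.0/24"

# Return 0 if the argument looks like an IPv4 CIDR (a.b.c.d/0-32), 1 otherwise.
# Rejecting malformed lines here avoids feeding iptables a bad -s argument.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Read newline-separated ranges on stdin and print one iptables command per
# range. Numeric ports are used because multiport rejects 'http,https'.
# -I inserts at the top of INPUT, so the whitelist sits above whatever rule
# later drops 80/443 from everyone else; without such a drop rule the
# whitelist changes nothing. Stops with status 1 on an invalid range.
cf_rules() {
    while read -r cidr; do
        [ -z "$cidr" ] && continue
        valid_cidr "$cidr" || { echo "invalid range: $cidr" >&2; return 1; }
        echo "iptables -I INPUT -p tcp -m multiport --dports 80,443 -s $cidr -j ACCEPT"
    done
}

# Number of rules generated for the example list (used as a self-check).
count_rules() {
    printf '%s\n' "$CF_RANGES_EXAMPLE" | cf_rules | grep -c ''
}

# Print the commands; pipe into 'sh' as root only after reviewing them.
printf '%s\n' "$CF_RANGES_EXAMPLE" | cf_rules
```

Run it as an unprivileged user to review the generated commands first; nothing in the script calls iptables itself.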

