Update Hetzner Cloud firewall rules with Cloudflare IP ranges
Project description
Update Hetzner Cloud Firewall Rules with Current Cloudflare IP Ranges
This tool, cf-ips-to-hcloud-fw, helps you keep your Hetzner Cloud firewall
rules up-to-date with the current Cloudflare IP ranges.
Table of Contents
Overview
cf-ips-to-hcloud-fw fetches the current Cloudflare IP
ranges and updates your Hetzner Cloud firewall
rules using the hcloud
API.
The tool specifically targets incoming firewall rules and replaces the
networks with Cloudflare networks if their description contains
__CLOUDFLARE_IPS_V4__, __CLOUDFLARE_IPS_V6__ or __CLOUDFLARE_IPS__.
| Text in rule description | Cloudflare IP ranges |
|---|---|
__CLOUDFLARE_IPS_V4__ |
IPv4 only |
__CLOUDFLARE_IPS_V6__ |
IPv6 only |
__CLOUDFLARE_IPS__ |
IPv4 + IPv6 |
Note: Having both __CLOUDFLARE_IPS_V4__ and __CLOUDFLARE_IPS_V6__ in a rule
description is equivalent to having __CLOUDFLARE_IPS__ there.
Installation
Using Python
To install cf-ips-to-hcloud-fw using Python, follow these steps:
-
Create a virtual environment:
python3 -m venv cf-ips-to-hcloud-fw-venv
-
Install cf-ips-to-hcloud-fw into the virtual environment:
./cf-ips-to-hcloud-fw-venv/bin/pip3 install cf-ips-to-hcloud-fw
-
Verify the installation:
./cf-ips-to-hcloud-fw-venv/bin/cf-ips-to-hcloud-fw -h
You should see the usage information for cf-ips-to-hcloud-fw.
Docker and Kubernetes
As an alternative, cf-ips-to-hcloud-fw can be run using Docker or a Kubernetes
CronJob. Simply mount your configuration file as /usr/src/app/config.yaml.
Here's an example using Docker:
docker run --rm \
--mount type=bind,source="$(pwd)"/config.yaml,target=/usr/src/app/config.yaml,readonly \
jkreileder/cf-ips-to-hcloud-fw:1.0
You can find the Docker images at:
Configuration
Preparing the Hetzner Cloud Firewall
To prepare your Hetzner Cloud Firewall:
- Include
__CLOUDFLARE_IPS_V4__,__CLOUDFLARE_IPS_V6__, or__CLOUDFLARE_IPS__in the description of any incoming firewall rule where you want to insert Cloudflare networks. - Generate an API token with write permissions for the project that contains the firewall.
Configuring the Application
To configure the application, add your tokens and the names of any firewalls you
want to update to config.yaml:
- token: cHJvamVjdGF0b2tlbgAd43 # token for project a
firewalls:
- firewall-1
- firewall-2
- token: cHJvamVjdGJ0b2tlbgDas3 # token for project b
firewalls:
- default
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for cf-ips-to-hcloud-fw-1.0.3.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 68efff752c1734a8485df407ddca9f1914ac687d086215df6761ebbf6a9f0bbe |
|
| MD5 | b526b31258b235937b54233491273834 |
|
| BLAKE2b-256 | 5611c30b3a30158994fbe70638e38a43e8e9ffd41d904ef98ed87b3925ed06d3 |
Hashes for cf_ips_to_hcloud_fw-1.0.3-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 47a11edbb7256f0014f8da86fac21c0de7894dff25591d72f8eb31ec5f4067c5 |
|
| MD5 | 288607a73b9b04aaacd04ea5b5f62337 |
|
| BLAKE2b-256 | 91c6fe41a704653a20ffd8a9c44575cc4aae484ba0a3270724bc2009ce552d8d |
