block everything except one country
Hello,
I'm currently using the zero trust tunnel with the free security function and would like to use the custom rules to block all IPs except Germany in one or two rules, if that's possible
23 Replies
you can use one rule by taking advantage of "does not equal"
if you want to add another country, change it to "is not in" and then add to the list
thank you
Can UDP packets be chased over the tunnel? If so, how
@Erisa ?
Would need to use Private Networking and install WARP on the client device that wants to connect
?tunnel-tcp
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP traffic. If you want to use non-HTTP applications over your tunnel, Cloudflare has a few other options:
For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/
For arbitrary TCP like Minecraft, MySQL, and any other TCP application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/
For arbitrary UDP like Minecraft Bedrock, SMTP, and any other UDP application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/
Please note that for all of these except SSH and VNC, which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background, or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust team.
Can I also use a rule to reduce brute force attacks?
@Erisa
Make a rate limiting rule
how
@Erisa
Cloudflare Docs
Create in the dashboard for a zone | Cloudflare Web Application Fir...
When you select the Block action in a rule you can optionally define a custom response.
I can't get it to work somehow, what needs to be entered?
I mean what are you trying to ratelimit? Free plan can only rate limit per path or by bot
so I can't minimize brute force with this
I mean yeah. That's what rate limit is for, to stop a lot of requests
That's why I'm wondering whether I can use the free version to counteract brute force
And you can, but the free version is only able to filter on path and verified bot, so if you need more than that then you can't on the free plan.
I just want to avoid brute force on my tunneled services because fail2ban doesn't run properly under Docker applications
Free plan only offers path specific rate limit
So it doesn't work with the free version
I mean rate limit rules work, they just might not do what you want
How would you secure the websites now?
Entirely depends on the website
Home Assistant and a few websites like Heimdall and more
I would use tunnels and zero trust. I don't think those need to be public