Cloudflare Tunnel

I have a Cloudflare tunnel that I manage through the Cloudflare (Zero Trust) website. This tunnel is mainly used to allow access to my server, which hosts a website along with an API. What ports / protocols need to be allowed for the tunnel to work with a VPS like an AWS EC2 instance? I can get the tunnel to work, but only if I allow all traffic and all protocols in my security group. Thanks!
2 Replies
Laudian (5w ago)
Cloudflare Docs
Tunnel with firewall · Cloudflare Zero Trust docs
You can implement a positive security model with Cloudflare Tunnel by blocking all ingress traffic and allowing only egress traffic from cloudflared. Only the services specified in your tunnel configuration will be exposed to the outside world.
Bot Mhann (OP, 4w ago)
Thanks! I'll check that out. Not sure if you'll know this, but in my security group I allowed 2606:4700:100::/48 as per the article above for UDP ports. When I did this it did not work. When I allow 2606:4700::/24 it works fine. Any reason why the more restrictive IP is not working?
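Added example, not part of the thread or of Cloudflare's documentation: one way to check which destinations an egress allow-list actually covers, using the two prefixes mentioned in the post above. The destination addresses are constructed sample values (not real Cloudflare edge addresses), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: destinations cloudflared was seen connecting to,
# e.g. taken from flow logs. These are NOT real edge addresses.
OBSERVED = ["2606:4700:100::1", "2606:4700:200::1"]


def uncovered(destinations, allowed_cidrs):
    """Return the destinations that no allowed CIDR covers."""
    nets = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    missing = []
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        if not any(addr.version == n.version and addr in n for n in nets):
            missing.append(dest)
    return missing


def tightest_prefix(destinations):
    """Smallest single network containing every observed destination.

    Only a hint for narrowing a broad rule: the vendor's published
    ranges stay authoritative, since observed addresses can change.
    """
    addrs = [ipaddress.ip_address(d) for d in destinations]
    if len({a.version for a in addrs}) != 1:
        raise ValueError("pass IPv4 and IPv6 destinations separately")
    lo, hi = min(map(int, addrs)), max(map(int, addrs))
    # Bits above the highest differing bit are common to all addresses.
    plen = addrs[0].max_prefixlen - (lo ^ hi).bit_length()
    cls = ipaddress.IPv6Network if addrs[0].version == 6 else ipaddress.IPv4Network
    return cls((lo, plen), strict=False)


if __name__ == "__main__":
    for rule in (["2606:4700:100::/48"], ["2606:4700::/24"]):
        print(rule, "misses", uncovered(OBSERVED, rule))
    print("tightest covering prefix:", tightest_prefix(OBSERVED))
```

Any address reported as missed is traffic the narrower security group rule drops, which is the first thing to compare against the ranges listed in the linked documentation.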
