让NPM面板只允许CDN回源IP访问

之前用docker安装NPM面板,并套上了CF的免费CDN,做好了规则防护。现在还差一个防止通过固定Hostname然后扫描全网ip来反查源站的保护。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#!/bin/bash
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -j DROP
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 173.245.48.0/20 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 103.21.244.0/22 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 103.22.200.0/22 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 103.31.4.0/22 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 141.101.64.0/18 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 108.162.192.0/18 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 190.93.240.0/20 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 188.114.96.0/20 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 197.234.240.0/22 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 198.41.128.0/17 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 162.158.0.0/15 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 104.16.0.0/13 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 104.24.0.0/14 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 172.64.0.0/13 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -p tcp -m multiport --dports 80,443 -s 131.0.72.0/22 -j RETURN
/usr/sbin/iptables -I DOCKER-USER -s 172.16.0.0/12 -j RETURN
  • nano docker_iptables.sh && chmod +x docker_iptables.sh
  • ./docker_iptables.sh

让NPM面板只允许CDN回源IP访问
https://occdn.limour.top/2287.html
Author
Limour
Posted on
September 2, 2022
Licensed under