Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/erisa/hetzner-firewall-cfworker

Use Cloudflare Workers Cron Triggers to keep your Hetzner Cloud Firewall allowing the latest list of Cloudflare IPs, or any other lists!

cloudflare-worker cloudflare-workers hetzner-cloud

Last synced: about 1 month ago

README


# Hetzner Cloud Firewall automation with Cloudflare Workers

Heavily inspired by [xopez/Hetzner-Cloud-Firewall-API-examples](https://github.com/xopez/Hetzner-Cloud-Firewall-API-examples), this repository holds a Cloudflare Worker which updates a [Hetzner Cloud](https://www.hetzner.com/cloud) Firewall to use the latest list of [Cloudflare IP ranges](https://www.cloudflare.com/en-gb/ips/) on a Cron Trigger.

## Requirements
- Hetzner Cloud account
- Wrangler: `npm i -g wrangler`
- Cloudflare account configured to deploy Workers

## Usage
- Create a Firewall on Hetzner Cloud that you want to set to the Cloudflare IPs.
- Set the ports you want to allow through the Firewall in the `PORTS` variable of `wrangler.toml`.
- Enter the ID of the Firewall in `FIREWALL_ID`. You can find this as the number after `/firewalls/` in the console URL when visiting the Firewall.
- Create a Hetzner Cloud API Token and set it with `wrangler secret put API_TOKEN`.
- (Optional) Secure your `workers.dev` domain by requiring an extra secret on manual REST calls:
  - `wrangler secret put WORKER_SECRET`
  - This secret will need to be in the `Authorization` header to trigger the Worker manually over HTTPS, but only if the secret is defined. Cron triggers are automatic and unaffected.

## Creativity

If allowing Cloudflare IPs is not your jam, it should be easy to edit `src/index.ts` and replace the two URLs with any other URLs that produce a newline-separated list of IP ranges, allowing you to allowlist any service you desire.

Remember to remove the `rules.concat` line if you only end up having one list.
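The list parsing, rule building and optional `WORKER_SECRET` check described in the Usage and Creativity sections, as an added example written for this page rather than code from `erisa/hetzner-firewall-cfworker`. It accepts any number of lists (so the `rules.concat` caveat above goes away), refuses to build an empty allowlist when a fetch returns no usable ranges, and assumes the rule object shape used by Hetzner Cloud's firewall `set_rules` action; the `PORTS` format, the sample list bodies and the `fetch` wiring (left out here) are assumptions.

```typescript
// Added example, not the project's own code: pure helpers that turn
// newline-separated IP lists into Hetzner Cloud Firewall rules.

interface FirewallRule {
  direction: "in";
  protocol: "tcp";
  port: string;         // "443" or a range such as "8000-8100"
  source_ips: string[]; // CIDR notation, as the Hetzner API expects
}

// Loose CIDR shape check (constructed, not Hetzner's validation): enough to
// drop an HTML error page or stray text that a list URL might return.
const CIDR_RE = /^(?:\d{1,3}(?:\.\d{1,3}){3}\/\d{1,2}|[0-9a-fA-F:]+\/\d{1,3})$/;

// Parse one fetched list body: tolerate CRLF and surrounding whitespace,
// skip blank lines and `#` comments, keep only CIDR-shaped entries.
function parseIpList(body: string): string[] {
  return body
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line !== "" && !line.startsWith("#"))
    .filter((line) => CIDR_RE.test(line));
}

// Merge every list (e.g. Cloudflare's v4 and v6 lists) into one rule per
// port. Throwing on an empty result means a failed or garbled fetch aborts
// the run instead of replacing the live ruleset with nothing.
function buildRules(lists: string[], ports: string[]): FirewallRule[] {
  const sourceIps = Array.from(new Set(lists.flatMap(parseIpList)));
  if (sourceIps.length === 0) {
    throw new Error("no valid IP ranges parsed; refusing to push an empty ruleset");
  }
  return ports.map((port) => ({ direction: "in", protocol: "tcp", port, source_ips: sourceIps }));
}

// Manual HTTPS trigger check, enforced only when WORKER_SECRET is defined,
// as the README describes. Cron-triggered runs never go through this.
function isAuthorized(authHeader: string | null, secret: string | undefined): boolean {
  if (secret === undefined || secret === "") return true;
  return authHeader === secret;
}

// Constructed sample bodies using documentation ranges, not Cloudflare's lists.
const SAMPLE_V4 = "198.51.100.0/24\r\n203.0.113.0/24\n\n# comment\n";
const SAMPLE_V6 = "2001:db8::/32\n<html>502 Bad Gateway</html>\n";

console.log(JSON.stringify({ rules: buildRules([SAMPLE_V4, SAMPLE_V6], ["80", "443"]) }, null, 2));
```

The printed object is the body you would POST to the firewall's `set_rules` action with the `API_TOKEN` bearer token.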