Cloudflare Docs

Cloudflare Docs

Overview
Concepts
Zone setups
Full setup
Setup
Partial (CNAME) setup
Setup
Convert to full setup
DNS resolution
DNS Zone transfers
Cloudflare as Primary
Setup
Cloudflare as Secondary
Setup
Proxy traffic
Access Control Lists (ACLs)
Cloudflare IP addresses
Create ACL
Troubleshooting
Subdomain setup
Setup
Migrate to new account
Enable DNSSEC
Reference
Domain statuses
Nameserver assignment
Troubleshooting
Nameservers
DNS_PROBE_FINISHED_NXDOMAIN
Cannot add domain
Domain deleted from Cloudflare
DNS records
How to
Manage DNS records
Import and export records
Create root domain
Create subdomain
Set up email records
Use dynamic IP addresses
Round-robin DNS
Delegating Subdomains
Reference
Proxy status
DNS record types
Time to Live (TTL)
Record attributes
Wildcard DNS records
Vendor-specific DNS records
Troubleshooting
Add records
Exposed IP addresses
CNAME flattening
Setup
Example diagram
Additional options
Custom nameservers
DNSSEC
Troubleshooting
Analytics and logs
Reverse zones and PTR records
DNS Firewall
Setup
Analytics
FAQ
Random prefix attack mitigation
About
Setup
Reference
Analytics API properties
Recommended third-party tools
Troubleshooting
FAQ
DNS issues
Email issues

Create a new Access Control List

You need to create an Access Control List (ACL) in certain situations:

If Cloudflare is your primary DNS provider, create an ACL to specify additional IPs Cloudflare should accept zone transfer requests from.
If Cloudflare is your secondary DNS provider, create an ACL to specify additional NOTIFY IPs that Cloudflare should listen to.

An ACL is configured at the account level, which means that it will apply to every primary and secondary zone in your account.

Using the dashboard

To create a new ACL using the dashboard:

Log in to the Cloudflare dashboard and select an account.
Go to Manage Account > Configurations.
Go to DNS Zone Transfers.
For ACL, click Create.
Enter the following information:
- ACL name: Provide a descriptive name.
- IP range: Enter a range of IPv4 or IPv6 addresses (limited to a maximum of /24 for IPv4 and /64 for IPv6).
Click Create.

Using the API

To create a new ACL using the API, send a POST request.