Cloudflare Docs
Magic Firewall

Examples

Skip action

The example below blocks all TCP ports but allows one port (8080) by using the skip action.

curl -X POST https://api.cloudflare.com/client/v4/accounts/${account_id}/rulesets \
  -H 'Content-Type: application/json' \
  -H 'X-Auth-Email: user@example.com' \
  -H 'X-Auth-Key: 00000000000' \
  --data '{
    "name": "Example ruleset",
    "kind": "root",
    "phase": "magic_transit",
    "description": "Example ruleset description",
    "rules": [
      {
        "action": "skip",
        "action_parameters": { "ruleset": "current" },
        "expression": "tcp.dstport in { 8080 } ",
        "description": "Allow port 8080"
      },
      {
        "action": "block",
        "expression": "tcp.dstport in { 1..65535 }",
        "description": "Block all tcp ports"
      }
    ]
  }'
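
The skip rule in this ruleset is listed before the block rule, and the allow-list depends on that order. As an added example (not part of the Cloudflare documentation), the Python sketch below checks a ruleset payload for skip rules whose ports are already covered by an earlier block rule. It assumes rules are evaluated in the order listed, handles only the `tcp.dstport in { ... }` expression form, and its function names are hypothetical.

```python
import re

# Matches only the port-set form used in the example, e.g. tcp.dstport in { 8080 1..65535 }
PORT_SET = re.compile(r"^\s*tcp\.dstport\s+in\s+\{([^}]*)\}\s*$")

def parse_ports(expression):
    """Return a list of (low, high) ranges, or None for any other expression form."""
    m = PORT_SET.match(expression)
    if not m:
        return None
    ranges = []
    for token in m.group(1).split():
        low, _, high = token.partition("..")
        low, high = int(low), int(high or low)
        if not (0 <= low <= high <= 65535):
            raise ValueError(f"bad port range: {token}")
        ranges.append((low, high))
    return ranges

def covered(port_range, blockers):
    """True if every port in port_range lies inside the union of blockers."""
    low, high = port_range
    for b_low, b_high in sorted(blockers):
        if b_low > low:
            break  # gap at `low`: at least one port is not blocked
        low = max(low, b_high + 1)
    return low > high

def shadowed_skips(ruleset):
    """Descriptions of skip rules that an earlier block rule fully covers."""
    blocked, findings = [], []
    for rule in ruleset["rules"]:
        ports = parse_ports(rule["expression"])
        if ports is None:
            continue  # expression form outside this sketch; not analysed
        if rule["action"] == "block":
            blocked.extend(ports)
        elif rule["action"] == "skip" and ports and all(covered(p, blocked) for p in ports):
            findings.append(rule["description"])
    return findings

# The two rules from the example above, copied from the page.
PAGE_RULES = [
    {"action": "skip", "action_parameters": {"ruleset": "current"},
     "expression": "tcp.dstport in { 8080 } ", "description": "Allow port 8080"},
    {"action": "block", "expression": "tcp.dstport in { 1..65535 }",
     "description": "Block all tcp ports"},
]
print(shadowed_skips({"rules": PAGE_RULES}))        # page order: no findings
print(shadowed_skips({"rules": PAGE_RULES[::-1]}))  # constructed misordering: skip is flagged
```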

Block a country

The example below blocks all packets whose source or destination IP address is in Brazil, identified by its two-letter country code in ISO 3166-1 Alpha 2 format.

curl -X POST https://api.cloudflare.com/client/v4/accounts/${account_id}/rulesets \
  -H 'Content-Type: application/json' \
  -H 'X-Auth-Email: user@example.com' \
  -H 'X-Auth-Key: 00000000000' \
  --data '{
    "name": "Example ruleset",
    "kind": "root",
    "phase": "magic_transit",
    "description": "Example ruleset description",
    "rules": [
      {
        "action": "block",
        "expression": "ip.geoip.country == \"BR\"",
        "description": "Block traffic from Brazil"
      }
    ]
  }'

Use an IP List

Magic Firewall supports using lists in expressions for the ip.src and ip.dst fields. The supported lists are:

  • $cf.anonymizer - Anonymizer proxies
  • $cf.botnetcc - Botnet command and control channel
  • $cf.malware - Sources of malware
  • ${rules list name} - The name of an account level Rules List

The example below blocks traffic whose source IP address is in the $cf.anonymizer list.

curl -X POST https://api.cloudflare.com/client/v4/accounts/${account_id}/rulesets \
  -H 'Content-Type: application/json' \
  -H 'X-Auth-Email: user@example.com' \
  -H 'X-Auth-Key: 00000000000' \
  --data '{
    "name": "Example ruleset",
    "kind": "root",
    "phase": "magic_transit",
    "description": "Example ruleset description",
    "rules": [
      {
        "action": "block",
        "expression": "ip.src in $cf.anonymizer",
        "description": "Block traffic from an anonymizer proxy"
      }
    ]
  }'