Define an IP list

IP lists defined at the account level can be used to match against ip.src and ip.dst fields. Currently only IPv4 addresses in these lists are used as IPv6 is currently not supported in Magic Firewall.

To use this feature first create a new IP list.


curl https://api.cloudflare.com/client/v4/accounts/{account_id}/rules/lists \
--header 'Content-Type: application/json' \
--header 'X-Auth-Email: <YOUR_EMAIL>' \
--header 'X-Auth-Key: <API_KEY>' \
--data '{    "name":"iplist",    "description":"This contains IPs that should be allowed.",    "kind":"ip"}'

Add IPs to the List

Next create list items. This will add elements to the current list.


curl https://api.cloudflare.com/client/v4/accounts/{account_id}/rules/lists/{list_id}/items \
--header 'Content-Type: application/json' \
--header 'X-Auth-Email: <YOUR_EMAIL>' \
--header 'X-Auth-Key: <API_KEY>' \
--data '[    {"ip":"10.0.0.1"},    {"ip":"10.10.0.0/24"}]'

Use the List in a Rule

Finally add a Magic Firewall rule referencing the List into an existing ruleset:


curl https://api.cloudflare.com/client/v4/accounts/{account_id}/rulesets/{ruleset_id}/rules \
--header 'Content-Type: application/json' \
--header 'X-Auth-Email: <YOUR_EMAIL>' \
--header 'X-Auth-Key: <API_KEY>' \
--data '{    "action": "skip",    "action_parameters": {        "ruleset": "current"    },    "expression": "ip.src in $iplist",    "description": "Allowed IPs from iplist",    "enabled": true}'

Managed lists

You can create rules with managed lists. Managed IP Lists are lists of IP addresses maintained by Cloudflare and updated frequently.

You can access these managed lists when you create rules with either IP destination address or IP source address in the Field dropdown, and is in list or is not in list in the Operator dropdown.

For example:

Field	Operator	Value
IP destination address	is in list	Anonymizers

Define an IP list

​​ Add IPs to the List

​​ Use the List in a Rule

​​ Managed lists

Add IPs to the List

Use the List in a Rule

Managed lists