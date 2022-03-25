Examples
The example below blocks all tcp ports, but allows one port (8080) by using the skip action.
curl -X POST https://api.cloudflare.com/client/v4/accounts/${account_id}/rulesets \
-H 'Content-Type: application/json' \
-H 'X-Auth-Email: [email protected]' \
-H 'X-Auth-Key: 00000000000' \
--data '{
"name": "Example ruleset",
"kind": "root",
"phase": "magic_transit",
"description": "Example ruleset description",
"rules": [
{
"action": "skip",
"action_parameters": { "ruleset": "current" },
"expression": "tcp.dstport in { 8080 } ",
"description": "Allow port 8080"
},
{
"action": "block",
"expression": "tcp.dstport in { 1..65535 }",
"description": "Block all tcp ports"
}
]
}'
Block a country
The example below blocks all packets with a source or destination IP address coming from Brazil by using its 2-letter country code in ISO 3166-1 Alpha 2 format.
curl -X POST https://api.cloudflare.com/client/v4/accounts/${account_id}/rulesets \
-H 'Content-Type: application/json' \
-H 'X-Auth-Email: [email protected]' \
-H 'X-Auth-Key: 00000000000' \
--data '{
"name": "Example ruleset",
"kind": "root",
"phase": "magic_transit",
"description": "Example ruleset description",
"rules": [
{
"action": "block",
"expression": "ip.geoip.country == \"BR\"",
"description": "Block traffic from Brazil"
}
]
}'
Use an IP List
Magic Firewall supports using lists in expressions for the
ip.src and
ip.dst fields. The supported lists are:
$cf.anonymizer- Anonymizer proxies
$cf.botnetcc- Botnet command and control channel
$cf.malware- Sources of malware
${rules list name}- The name of an account level Rules List
curl -X POST https://api.cloudflare.com/client/v4/accounts/${account_id}/rulesets \
-H 'Content-Type: application/json' \
-H 'X-Auth-Email: [email protected]' \
-H 'X-Auth-Key: 00000000000' \
--data '{
"name": "Example ruleset",
"kind": "root",
"phase": "magic_transit",
"description": "Example ruleset description",
"rules": [
{
"action": "block",
"expression": "ip.src in $cf.anonymizer",
"description": "Block traffic from an anonymizer proxy"
}
]
}'