Firewall Whitelist

I’m currently developing an application that will be proxied by Cloudflare. Is it possible to whitelist Cloudflare’s IPs from my apps, so that only they can access them? I know I can apply a proxy on top, but I was just trying to see if there was a Fly-native solution.

Fly does not yet have an API to set L3 firewall rules. So, you’d have to impl it yourself.

> I was just trying to see if there was a Fly-native solution

If you are using the HTTP handler, then Fly adds an x-forwarded-for header containing the client IP.

For TCP, you’d have to use the Proxy Proto handler if you need the client IP.

For UDP, client IP is preserved.
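
One way to do the check inside the app for the HTTP handler case above (an added example, not part of the original thread and not Fly's or Cloudflare's code). It assumes the rightmost x-forwarded-for entry is the one written by the platform proxy, which should be confirmed against real traffic; `CLOUDFLARE_NETS` is a sample subset of Cloudflare's published ranges, and all function names are hypothetical.

```python
import ipaddress

# Sample subset of Cloudflare's published ranges (assumption: load the full,
# current list from Cloudflare at deploy time; this is not the complete set).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "2400:cb00::/32",
)]

def connecting_peer(xff, position_from_right=1):
    """Return the x-forwarded-for entry written by the platform proxy.

    Assumption: the proxy appends the address that connected to it, so only
    the entry counted from the right is trustworthy. Entries to its left are
    supplied by the sender and can be forged.
    """
    entries = [e.strip() for e in (xff or "").split(",") if e.strip()]
    if len(entries) < position_from_right:
        return None
    try:
        addr = ipaddress.ip_address(entries[-position_from_right])
    except ValueError:
        return None  # malformed entry: treat as unknown, never as allowed
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4.
    return getattr(addr, "ipv4_mapped", None) or addr

def from_cloudflare(xff, nets=CLOUDFLARE_NETS):
    """True only if the proxy-written peer address is in an allowed range."""
    peer = connecting_peer(xff)
    return peer is not None and any(
        peer.version == n.version and peer in n for n in nets)

def allowlist_middleware(app):
    """WSGI wrapper: answer 403 unless the request was relayed by Cloudflare."""
    def wrapped(environ, start_response):
        if not from_cloudflare(environ.get("HTTP_X_FORWARDED_FOR")):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden\n"]
        return app(environ, start_response)
    return wrapped
```

Missing or malformed headers are rejected rather than allowed, so a request that bypasses the header-adding proxy cannot pass the check by omitting the header.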

Sounds good. It isn’t mission-critical to verify IP addresses for me, as I do other kinds of verification, but just an extra layer of protection.


Do you know if this is planned, or in a roadmap somewhere? (If not, totally fine)

From what I gather from the forums, I don’t think it is a priority for them. That said, I am not really privy to any inside information.

There is indeed a latent demand for a programmable L3 Firewall for both outbound and inbound traffic.