
Cloudflare Zero Trust DNS Filtering Gateway Auto Update Change Public IP Setup Solved


OVERVIEW
 
Cloudflare Zero Trust DNS Filtering is a cloud-based security service that protects users by controlling and inspecting DNS requests before a connection to a website is made. Instead of just resolving domain names to IP addresses, it analyzes DNS queries in real time and blocks access to malicious, suspicious, or inappropriate domains based on security policies you define. This helps stop threats like phishing, malware, ransomware, and command-and-control callbacks before they reach devices. Because it’s part of a Zero Trust model, access decisions are made based on identity, device posture, and policy rules—not just network location. It works for users on-site or remote, and can be deployed through the Cloudflare WARP client, network routers, or secure gateway policies. In short, Cloudflare Zero Trust DNS filtering adds a protective security layer at the DNS level, reducing attack surface and giving administrators visibility and control over internet usage.


Configuration
    

This documentation does not cover setting up the service at Cloudflare One. Instead, it focuses on the Bash script that updates a changed IP address for users on the free tier of Cloudflare One Gateway. On Linux, set up a cron job to run the script periodically so that it checks for a dynamic IP change from your ISP and updates the Cloudflare gateway with the new IP, keeping the location secure. See the script below.

Bash
    
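#!/bin/bash

# This file holds an API token: keep it readable only by its owner (chmod 700).
API_TOKEN="your_api_token"
ACCOUNT_ID="your_account_id"
LOCATION_ID="your_location_id"

# Get current public IP; -f makes curl return non-zero on HTTP errors
CURRENT_IP=$(curl -fsS https://api.ipify.org) || { echo "IP lookup failed." >&2; exit 1; }

# Refuse anything that is not a dotted-quad IPv4 address (e.g. an error page)
if ! [[ "$CURRENT_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo "Unexpected response from IP lookup." >&2
    exit 1
fi
CIDR_IP="$CURRENT_IP/32"

# File to store last IP
IP_FILE="$HOME/.last_cf_ip"

if [ -f "$IP_FILE" ]; then
    LAST_IP=$(cat "$IP_FILE")
else
    LAST_IP=""
fi

if [ "$CURRENT_IP" != "$LAST_IP" ]; then
    echo "IP changed to $CURRENT_IP. Updating Cloudflare..."

    # Record the new IP only if the API call succeeds, so a failed update is retried
    if curl -fsS -X PUT "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/locations/$LOCATION_ID" \
      -H "Authorization: Bearer $API_TOKEN" \
      -H "Content-Type: application/json" \
      --data @- <<EOF
{
"client_default":true,
"name":"your_location_name",
"networks":[{"network":"$CIDR_IP"}]
}
EOF
    then
        echo "$CURRENT_IP" > "$IP_FILE"
    else
        echo "Cloudflare update failed." >&2
        exit 1
    fi
else
    echo "IP unchanged."
fi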
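
The script places whatever the IP lookup service returns into the request body, so a stricter check than a pattern match is useful before the PUT. The following is an added example, not part of the original script: the function names is_public_ipv4 and gateway_payload are hypothetical, and the addresses used with it are constructed samples.

```shell
#!/bin/sh
# Added example: sanity-check the lookup result before it reaches the API.

# is_public_ipv4 ADDR: succeed only for a dotted-quad IPv4 address outside
# the private and reserved ranges.
is_public_ipv4() {
    addr=$1
    # Digits and dots only: rejects empty replies, HTML error pages, and
    # characters that could break out of the JSON string.
    case $addr in
        ''|*[!0-9.]*) return 1 ;;
    esac
    # Exactly four non-empty fields.
    case $addr in
        *.*.*.*.*|.*|*.|*..*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        # 1-3 digits, no leading zero, value <= 255
        case $octet in
            ????*|0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    case $1 in
        0|10|127) return 1 ;;                      # "this net", RFC 1918, loopback
    esac
    [ "$1" -ge 224 ] && return 1                   # multicast / reserved
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1  # CGNAT
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1   # link-local
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1   # RFC 1918
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1   # RFC 1918
    return 0
}

# gateway_payload NAME ADDR: print the PUT body in the shape the script above
# sends, or fail with no output. NAME is operator-chosen and is not escaped.
gateway_payload() {
    is_public_ipv4 "$2" || return 1
    printf '{"client_default":true,"name":"%s","networks":[{"network":"%s/32"}]}\n' "$1" "$2"
}
```

In the update script, the output of gateway_payload can be piped to curl with --data @- in place of the heredoc, and a failure skips the update so the stored IP stays unchanged.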




© Copyright 2021 Starforce.cyou - All Rights Reserved