
4
4
5
5
Cloudflare Gateway allows you to create custom rules to filter HTTP, DNS, and network traffic based on your firewall policies. This is a collection of scripts that can be used to get a similar experience as if you were using Pi-hole, but with Cloudflare Gateway - so no servers to maintain or need to buy a Raspberry Pi!
6
6
@@ -19,7 +19,7 @@ Cloudflare Gateway allows you to create custom rules to filter HTTP, DNS, and ne
19
19
- Automatically cleans up filter lists: removes duplicates, invalid domains, comments and more
20
20
- Works **fully unattended**
21
21
-**Allowlist support**, allowing you to prevent false positives and breakage by forcing trusted domains to always be unblocked.
22
-
- Experimental **SNI-based filtering**support that works independently of DNS settings, preventing unauthorized or malicious DNS changes from bypassing the filter.
22
+
- Experimental **SNI-based filtering** that works independently of DNS settings, preventing unauthorized or malicious DNS changes from bypassing the filter.
23
23
- Optional health check: Sends a ping request ensuring continuous monitoring and alerting for the workflow execution, or messages a Discord webhook with progress.
24
24
25
25
## Usage
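Review bot: the reworded SNI bullet still says the filter "works independently of DNS settings" without stating its prerequisite. The "Alternatively, you can install the Cloudflare WARP client" paragraph further down this README says SNI-based filtering requires WARP, because Cloudflare has to inspect the raw traffic. Suggest appending something like "(requires the WARP client, see below)" to the bullet, so readers on a DNS-only setup do not assume they get this protection.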
@@ -39,7 +39,7 @@ Cloudflare Gateway allows you to create custom rules to filter HTTP, DNS, and ne
39
39
2. Run `npm install` to install dependencies.
40
40
3. Copy `.env.example` to `.env` and fill in the values.
41
41
4. If this is a subsequent run, execute `node cf_gateway_rule_delete.js` and `node cf_list_delete.js` (in order) to delete old data.
42
-
5. If you haven't downloaded any filters yourself, run the `node download_lists.js` command to download recommended filter lists (about 250 000 domains).
42
+
5. If you haven't downloaded any filters yourself, run the `node download_lists.js` command to download recommended filter lists (about 50 000 domains).
43
43
6. Run `node cf_list_create.js` to create the lists in Cloudflare Gateway. This will take a while.
44
44
7. Run `node cf_gateway_rule_create.js` to create the firewall rule in Cloudflare Gateway.
45
45
8. Profit!
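Review bot: step 5 drops the stated size from "about 250 000 domains" to "about 50 000 domains", and nothing in this hunk says why. If the reduction is because the defaults are optimized only for ad and tracker blocking, as the "Malware blocking" section added in this commit states, say so in step 5 or point to that section, so that someone re-running `node download_lists.js` does not read the smaller number as a failed download. A hard-coded count will also go stale; consider "about 50 000 domains at the time of writing".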
@@ -73,6 +73,10 @@ Please note that the GitHub Action downloads the recommended blocklists and whit
73
73
74
74
Alternatively, you can install the Cloudflare WARP client and log in to Zero Trust. This method proxies your traffic over Cloudflare servers, meaning it works similarly to a commercial VPN. You need to do this if you want to use the SNI-based filtering feature, as it requires Cloudflare to inspect your raw traffic (HTTPS remains encrypted if "TLS decryption" is disabled).
75
75
76
+
### Malware blocking
77
+
78
+
The default filter lists are only optimized for ad & tracker blocking because Cloudflare Zero Trust itself comes with much more advanced security features. It's recommended that you create your own Cloudflare Gateway firewall policies that leverage those features on top of CGPS.
79
+
76
80
### Dry runs
77
81
78
82
To see if e.g. your filter lists are valid without actually changing anything in your Cloudflare account, you can set the `DRY_RUN` environment variable to 1, either in `.env` or the regular way. This will only print info such as the lists that would be created or the amount of duplicate domains to the console.
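Review bot: the new "Malware blocking" paragraph uses "CGPS" without expanding it and refers to "much more advanced security features" without naming any. Expand the acronym on first use, and name or link the Cloudflare Zero Trust features you have in mind, so a reader knows which Gateway firewall policies to create for the malware coverage the default lists are not optimized for.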