RickeyGevers

simple VPS with HTTP secured by CloudFlare and SSH access

Jun 10th, 2012
#iptables config of simple VPS with HTTP secured by CloudFlare and SSH access

#loopback
iptables -I INPUT 1 -i lo -j ACCEPT

#keep established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

#accept inbound ssh connection
#NOTE: not default port
iptables -A INPUT -p tcp --dport 4444 -j ACCEPT

#ACCEPT IPv4 CloudFlare ranges
iptables -A INPUT -p tcp --dport 80 -s 204.93.240.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 204.93.177.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 199.27.128.0/21 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 173.245.48.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 103.22.200.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 141.101.64.0/18 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 108.162.192.0/18 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -s 190.93.240.0/20 -j ACCEPT

#DROP all other inbound connections on port 80
iptables -A INPUT -p tcp --dport 80 -j DROP

#DROP all other inbound connections (choose the rule above or this one)
iptables -A INPUT -j DROP

#enable informational logging
#remember to put in the correct position, line 12 chosen in this example
#(with the rules above, position 12 is directly before the port 80 DROP rule,
#so packets are logged just before they are dropped)
iptables -I INPUT 12 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
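
The LOG rule above is only useful if it sits before the first DROP rule, and the hardcoded position 12 stops being right as soon as a CloudFlare range is added or removed. The following is an added example, not part of the original paste: it derives the position from `iptables -S INPUT` output instead. The function names and the sample listing are assumptions constructed for illustration.

```shell
# Constructed sample: what `iptables -S INPUT` would print after the rules
# above are loaded and before the LOG rule is inserted.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4444 -j ACCEPT
-A INPUT -s 204.93.240.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 204.93.177.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 199.27.128.0/21 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 173.245.48.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 103.22.200.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 141.101.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 108.162.192.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 190.93.240.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -j DROP'

# first_drop_pos (hypothetical helper): read `iptables -S INPUT` output on
# stdin and print the 1-based position of the first rule whose target is DROP.
# Exits with status 1 when the chain has no DROP rule.
first_drop_pos() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      n++                                  # the -P policy line is not a rule
      for (i = 3; i < NF; i++)
        if ($i == "-j" && $(i + 1) == "DROP") { print n; found = 1; exit }
    }
    END { exit !found }
  '
}

# log_rule_cmd (hypothetical helper): print, without running it, the insert
# command that places the LOG rule directly before the first DROP rule.
log_rule_cmd() {
  pos=$(first_drop_pos) || { echo "no DROP rule in INPUT" >&2; return 1; }
  printf 'iptables -I INPUT %s -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7\n' "$pos"
}

# Demo on the constructed sample; prints the command with position 12.
printf '%s\n' "$SAMPLE_RULES" | log_rule_cmd
```

On a live host the input would come from `iptables -S INPUT | log_rule_cmd`, and the printed command can be reviewed before it is run.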