-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add the ability to Update an IP Access rule #646
Comments
Thanks for the suggestion. I have to admit I'm pretty ignorant about this part of Cloudflare API, and it does seem to be quite tricky. My immediate question is, is there a reliable way to indicate which rule(s) to delete without the invariant we are assuming between the notes on the Cloudflare server and the updater configuration? What could be helpful is that, if you have a working automatic system set up, I would like to learn how it's working now. PS: I also have to admit that I couldn't devote enough time in this project before summer 2024 to implement interesting new features; even #632 is taking me too long 😟 |
The
I don't have an automation setup yet, I found the need for it just before I opened this issue. I'll work on it and post the code here whenever I make it. |
@WolfRamAlpha12 I still feel the idea to assign meaning to supposedly totally unstructured notes is not very reliable. |
@WolfRamAlpha12 Never mind. I saw the strange documentation that described what you said. |
Appending and filtering a |
@WolfRamAlpha12 I prefer not to relying on stateful checks because they are fragile. Consider these cases:
The current stateless design is robust partly because it will eventually fix any inconsistency itself even if all of the above happen. That is, its eventual correctness does not depend on the correctness of the local state. This is the level of robustness I would like to maintain, and it's still a bit difficult for me to see how to achieve that using the current API for the IP filtering rules, but maybe you could help me see it. |
@WolfRamAlpha12 Just to clarify, I'm still happy to find a good approach with you and I thank you for the GitHub issue ❤️ |
@favonia Thank you, appreciate your willingness to work with me here. I'll keep the above scenarios in mind while trying to make my automation and see if I can come up with something that can meet the current level of robustness. |
Hi guys. I believe this feature is also what I am looking for. Whilst this tool seems amazing at doing the DDNS bit, its hard to use the outcome in a meaningful way within the cloudflare eco-system. I think the answer is 'lists'. You can create a WAF rule based on the contents of a cloudflare list. So if this tool updates an arbitrary lists content, as well as the actual A record, you now have a very powerful tool to both update the record AND make it useable within cloudflares own WAF rules to do whatever you want. Manage Account --> Configurations --> Lists If it were me, I would have the tool create and manage its own list (like "cloudflare-ddns") and whenever the IP address gets change/updated, delete all items in the list and create one single item that represents the current IP. This is a 'reserved' list that can be used in WAF rules if the user wants to, or simply ignored if users don't need that. |
@jdvuyk Thank you for providing the technical bits! I guess we can blame the users if they dare touch a list named Question: should we have one list for IPv4 and another for IPv6? Also tagging @WolfRamAlpha12 PS: I'm still quite burdened by my current daytime job... until 2024 summer at least. I wish to conclude #632 first. But I can do these "easy" discussions. 😁 |
Unsure if this falls within the scope of this project, but I have a feature request:
Here are the relevant docs: https://developers.cloudflare.com/api/operations/ip-access-rules-for-a-zone-list-ip-access-rules. It seems CF does not allow the value to be edited (only mode and notes), so upon an IP change the old one would have to be deleted and a new rule with the new IP would be created. For deletion, the API supports filtering the GET results using several optional parameters, including the notes.
Let me know if I can help out in implementing this is any way.
The text was updated successfully, but these errors were encountered: