Skip to content

[CF1] tunnels with firewall page readability #23754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 18, 2025
Merged

[CF1] tunnels with firewall page readability #23754

merged 2 commits into from
Jul 18, 2025

Conversation

@deadlypants1973
Copy link
Contributor

@deadlypants1973 deadlypants1973 commented Jul 17, 2025

Summary

Screenshots (optional)

Documentation checklist

  • The documentation style guide has been adhered to.
  • If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
  • Files which have changed name or location have been allocated redirects.

@deadlypants1973 deadlypants1973 requested review from a team and ranbel as code owners July 17, 2025 13:28
@hyperlint-ai
Copy link
Contributor

hyperlint-ai bot commented Jul 17, 2025

Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment.

We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally.

PR Change Summary

Improved the readability and structure of the 'Tunnel with Firewall' documentation, enhancing clarity on firewall configuration requirements.

  • Added a new section for configuring firewalls with detailed rules and requirements.
  • Updated outbound connection requirements for various regions and services.
  • Clarified optional features and their associated firewall rules.

Modified Files

  • src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall.mdx
How can I customize these reviews?

Check out the Hyperlint AI Reviewer docs for more information on how to customize the review.

If you just want to ignore it on this PR, you can add the hyperlint-ignore label to the PR. Future changes won't trigger a Hyperlint review.

Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add hyperlint-ignore to the PR to ignore the link check for this PR.

@github-actions
Copy link
Contributor

github-actions bot commented Jul 17, 2025

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
/src/content/docs/cloudflare-one/connections/connect-networks/ @ranbel, @cloudflare/pcx-technical-writing

@github-actions
Copy link
Contributor

github-actions bot commented Jul 17, 2025
edited
Loading

Preview URL: https://13a9364d.preview.developers.cloudflare.com
Preview Branch URL: https://kate-fixes-tunnel-format.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall/ https://kate-fixes-tunnel-format.preview.developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall/

ranbel
ranbel reviewed Jul 17, 2025
View reviewed changes
.../docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall.mdx
| `198.41.200.13` `198.41.200.193` `198.41.200.33` `198.41.200.233` `198.41.200.53` `198.41.200.63` `198.41.200.113` `198.41.200.73` `198.41.200.43` `198.41.200.23` | `2606:4700:a8::1` `2606:4700:a8::2` `2606:4700:a8::3` `2606:4700:a8::4` `2606:4700:a8::5` `2606:4700:a8::6` `2606:4700:a8::7` `2606:4700:a8::8` `2606:4700:a8::9` `2606:4700:a8::10` | 7844 | TCP/UDP (`http2`/`quic`) |

#### `_v2-origintunneld._tcp.argotunnel.com`

Copy link
Contributor

@ranbel ranbel Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This rule is only required for firewalls that enforce SNI.

ranbel
ranbel reviewed Jul 17, 2025
View reviewed changes
.../docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall.mdx
| -------------- | -------------- | ---- | ------------- |
| Not applicable | Not applicable | 7844 | TCP (`http2`) |

This rule is only required for firewalls that enforce SNI.
Copy link
Contributor

@ranbel ranbel Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This rule is only required for firewalls that enforce SNI.

Copy link
Contributor

@ranbel ranbel Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggest moving this line to the top of the section.

ranbel
ranbel reviewed Jul 17, 2025
View reviewed changes
.../docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall.mdx Outdated

This rule is only required for firewalls that enforce SNI.

### region US
Copy link
Contributor

@ranbel ranbel Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should "region" be capitalized?

ranbel
ranbel reviewed Jul 17, 2025
View reviewed changes
.../docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall.mdx Outdated

You can implement a positive security model with Cloudflare Tunnel by blocking all ingress traffic and allowing only egress traffic from `cloudflared`. Only the services specified in your tunnel configuration will be exposed to the outside world.

## Configure your firewall
Copy link
Contributor

@ranbel ranbel Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we make a bigger distinction between "Configure your firewall" and the "Firewall configuration" header down below?

@deadlypants1973 deadlypants1973 merged commit 19e8c9d into production Jul 18, 2025
11 checks passed
@deadlypants1973 deadlypants1973 deleted the kate/fixes-tunnel-format branch July 18, 2025 10:33
sdnts pushed a commit to sdnts/cloudflare-docs that referenced this pull request Jul 24, 2025
@deadlypants1973 @sdnts
[CF1] tunnels with firewall page readability (cloudflare#23754)
45f8891 
* [CF1] tunnels with firewall page readability

* final update
thomasgauvin pushed a commit that referenced this pull request Aug 15, 2025
@deadlypants1973 @thomasgauvin
[CF1] tunnels with firewall page readability (#23754)
d31a2d2 
* [CF1] tunnels with firewall page readability

* final update
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ranbel ranbel ranbel approved these changes

Assignees

@ranbel ranbel

Labels

product:cloudflare-one size/m

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@deadlypants1973 @ranbel