[zinekeller]

Cloudflare WARP: https://blog.cloudflare.com/1111-warp-better-vpn/

I've noticed it (https://news.ycombinator.com/item?id=28652294) when someone has quipped about SSH scans coming from Cloudflare (https://news.ycombinator.com/item?id=28651598).

It's a boon for hackers since it provides an unlimited good-quality VPN. If you want to block them (either block only for SSH or just block WARP users in retaliation), here's a list of their IPs: https://www.cloudflare.com/ips/

[skonteam]

Yeah, you are right probably someone behind the WARP vpn, i didn't know they allowed SSH trafic through that. What is surprising is that the IPs i am seeing do not match any of the ranges Cloudflare is publishing on that link (typically as sub range of 8.0.0.0/8).

[johnklos]

VPNs aren't supposed to block traffic, so there'd be no good reason to block ssh unless you suspect your clients are malicious.

As to why Cloudflare's 8.37.43.0/24, 8.39.18.0/24, 8.40.140.0/24 and 8.42.172.0/24 networks aren't on that page which purports to be the "definitive source of Cloudflare’s current IP ranges", all I can say is that Cloudflare has a long history of caring much more about the appearance of transparency than about actually being transparent. They make reporting any abuse very difficult, and they probably wouldn't care in the slightest that their customers are doing nefarious things.

[eastdakota]

That page is for the IPs that customers should whitelist as the source of traffic from our proxy services. These IPs are for Cloudflare WARP (our VPN-like app) and should not be whitelisted by customers in the same way. That's why they're not on that page.

[zinekeller]

Just checked, and you're right. Hmm, suspicious, although looking at RADB (https://www.radb.net/query?advanced_query=1&keywords=AS13335...) it seems that it routes more than that list.

[onlyspaceghost]

That IP list does not contain warp ip addresses. It contains IPs that are used in cloudflare networks such as Proxying with the orange cloud or tunnels

The point of that list is if you are behind a cloudflare proxy in some form and only want to allow traffic from cloudflare

[johnklos]

That's nice, but that page doesn't say that at all nor suggest anything remotely close. The URL itself implies that it's not specific to any service. They say, quite confusingly and unaccurately, "This page is intended to be the definitive source of Cloudflare’s current IP ranges."

That page really should say what it's for.

[viraptor]

The page was created before warp and workers existed, so the description was valid at the time. They did fail to update it. If we say "cloudflare bad" 3 times, maybe jgc will appear and get someone to fix it.