0

I have an odd situation and I'm not entirely sure if it is even possible in IPTables. If it isn't, that's fine and I can do without. If it is, fantastic, I'd love to see how to implement it.

So, my DNS records basically work like this. I have mydomain.com going to my IP address, let's say 127.0.0.1 for example, which is routed through CloudFlare CDN to speed up my website, then I have d.mydomain.com which is pointed to the same 127.0.0.1, but it is set to bypass CloudFlare's network and go straight to my server.

On the server, I have the following ports open in IPTABLES: 22 (ssh2) and 443 (https). Through CloudFlare (mydomain.com), only 443 can pass and 22 is blocked by their network.

My question is this: is it possible to have IPTABLES open only port 443 if the user is connecting through mydomain.com, and can I only open 22 on d.mydomain.com, as well as set some basic whitelists? I'd like to use this to cut illegitimate traffic to my site and focus only on legitimate traffic passing through CloudFlare's network.

Thanks for any hints as to whether or not this is even possible.

-Mike

1 Answer

0

As larsks commented, IPTables isn't aware of inbound domain requests and thus can't filter by them. Thanks, larsks!
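Because iptables only ever sees source address, destination address and port, the practical way to get the effect asked for above is to filter on where the packets come from rather than on the hostname: connections for mydomain.com arrive from Cloudflare's published proxy ranges, while connections for d.mydomain.com arrive straight from the client. The script below is an added example, not part of the question or the answer. It assumes the current Cloudflare IPv4 list is fetched separately (for instance from https://www.cloudflare.com/ips-v4); the two CIDRs embedded in it are constructed placeholders, not an authoritative list, and the admin address allowed on port 22 is hypothetical.

```sh
#!/bin/sh
# Added example: build an iptables INPUT policy that admits 443 only from
# Cloudflare's proxy ranges and 22 only from an admin whitelist.  The
# commands are printed rather than executed so the result can be reviewed
# first and then applied with:   sh rules.sh demo | sudo sh
#
# Assumptions (not from the original post): the real Cloudflare list is
# fetched separately, e.g.  curl -s https://www.cloudflare.com/ips-v4
# The CIDRs below are constructed placeholders for offline use.
CF_SAMPLE="173.245.48.0/20
103.21.244.0/22"
ADMIN_SAMPLE="203.0.113.10/32"

# Accept only a plain IPv4 address with an optional /0-/32 prefix.  The range
# list is fetched over the network and each entry is spliced into a command
# line that runs as root, so anything else is rejected rather than passed on.
valid_cidr() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gen_rules CF_RANGES ADMIN_RANGES   (both newline-separated CIDR lists)
# Runs in a subshell with globbing disabled so a stray '*' in the input
# cannot expand into file names when the lists are word-split.
gen_rules() (
  set -f
  cf_ranges=$1
  admin_ranges=$2
  echo "iptables -F INPUT"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  # Keep existing sessions (including the SSH session applying this) alive
  # before the default policy is flipped to DROP at the end.
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for cidr in $cf_ranges; do
    valid_cidr "$cidr" || { echo "skipping bad entry: $cidr" >&2; continue; }
    echo "iptables -A INPUT -p tcp --dport 443 -s $cidr -m conntrack --ctstate NEW -j ACCEPT"
  done
  for cidr in $admin_ranges; do
    valid_cidr "$cidr" || { echo "skipping bad entry: $cidr" >&2; continue; }
    echo "iptables -A INPUT -p tcp --dport 22 -s $cidr -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Everything else, including 443 from a client that found the origin IP and
  # bypassed Cloudflare, and 22 from outside the whitelist, hits this policy.
  echo "iptables -P INPUT DROP"
)

if [ "${1:-}" = "demo" ]; then
  gen_rules "$CF_SAMPLE" "$ADMIN_SAMPLE"
fi
```

Two caveats when using this for real: the Cloudflare list changes over time, so the rules have to be regenerated from the published list rather than pasted once, and the same treatment is needed in ip6tables (with the IPv6 list) if the server has a public IPv6 address, otherwise port 443 stays reachable directly over IPv6 and the whole point of the whitelist is lost.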