Whitelisting access from the office and VPN

If you want your apps to be accessible only from the Office and our VPN (both legacy and Cloudflare WARP), you need to set whitelist accordingly.

IPs to whitelist

Office

195.39.45.226
2001:af0:8002:c01::/64
2001:af0:8000:1417::2/128

The IP address 195.39.45.227 is used for guest wifi in the office and should not be whitelisted anywhere under any circumstances !!!

Cloudflare

104.30.177.82 (Dreieich, DE)
104.30.164.111 (Reston, US)
104.30.164.113 (Melton, AU)
104.30.164.112 (Narita, JP)

2a09:bac0:1001:437::/64 (Dreieich, DE)
2a09:bac0:1000:922::/64 (Reston, US)
2a09:bac0:1000:924::/64 (Melton, AU)
2a09:bac0:1000:923::/64 (Narita, JP)

Example: Standard service chart (kong)

For the standard service chart using kong ingress you can use the ip-restriction plugin:

kong:
  plugins:
    - name: ip-restriction
      config:
        allow:  
        # Office and legacy VPN
        - 195.39.45.226

        # CloudFlare zero trust
        - 104.30.177.82/32
        - 104.30.164.111/32
        - 104.30.164.113/32
        - 104.30.164.112/32
        - 2a09:bac0:1001:437::/64
        - 2a09:bac0:1000:922::/64
        - 2a09:bac0:1000:924::/64
        - 2a09:bac0:1000:923::/64