Use Cloudflare Gateway DNS/VPN to block ads, malware and tracking domains - free alternative to NextDNS, Pi-hole and Adguard
Cloudflare Gateway allows you to create custom rules to filter HTTP, DNS, and network traffic based on your firewall policies. This is a collection of scripts that can be used to get a similar experience as if you were using Pi-hole, but with Cloudflare Gateway - so no servers to maintain or need to buy a Raspberry Pi!
cf_list_delete.js
- Deletes all lists created by CGPS from Cloudflare Gateway. This is useful for subsequent runs.cf_list_create.js
- Takes an input.csv file containing domains and creates lists in Cloudflare Gatewaycf_gateway_rule_create.js
- Creates a Cloudflare Gateway rule to block all traffic if it matches the lists created by CGPS.cf_gateway_rule_delete.js
- Deletes the Cloudflare Gateway rule created by CGPS. Useful for subsequent runs.input.csv
. Mullvad provides awesome DNS blocklists that work well with this project. A bash script that downloads recommended blocklists, get_recommended_filters.sh
, is included.whitelist.csv
. You can also use the get_recomended_whitelist.sh
Bash script to get the recommended whitelists.npm install
to install dependencies..env.example
to .env
and fill in the values.node cf_gateway_rule_delete.js
and node cf_list_delete.js
(in order) to delete old data.get_recommended_filters.sh
script to download recommended filter lists (about 250 000 domains).node cf_list_create.js
to create the lists in Cloudflare Gateway. This will take a while.node cf_gateway_rule_create.js
to create the firewall rule in Cloudflare Gateway.These scripts can be run using GitHub Actions so your filters will be automatically updated and pushed to Cloudflare Gateway. This is useful if you are using a frequently updated malware blocklist.
Please note that the GitHub Action downloads the recommended blocklists and whitelist by default. You can change this behavior by editing the file.
CLOUDFLARE_API_KEY
: Your Cloudflare API keyCLOUDFLARE_ACCOUNT_ID
: Your Cloudflare account IDCLOUDFLARE_ACCOUNT_EMAIL
: Your Cloudflare account emailCLOUDFLARE_LIST_ITEM_LIMIT
: The maximum number of blocked domains allowed for your Cloudflare Zero Trust plan. Use 300000 for the free plan or if you're unsure..github/workflows/main.yml
with the contents of auto_update_github_action.yml
found in this repository. The default settings will update your filters every week at 3 AM UTC. You can change this by editing the schedule
property.Alternatively, you can install the Cloudflare WARP client and log in to Zero Trust. This method proxies your traffic over Cloudflare servers, meaning it works similarly to a commercial VPN.
MIT License. See LICENSE
for more information.
If you would like to donate to support this project, you can do so via Liberapay - click the Sponsor button or see my GitHub profile for the link.