We can use https://github.com/compassvpn/ir-access to fetch all Iranian IPv4 and IPv6 addresses and then set up a simple nftables to only allow these IPs. (except SSH)
Challenges:
- CDN inbounds must only be updated to show X-Forwarded IP from Cloudflare. (to not show CF IP, instead the Iranian IP). I think this is the case with our Nginx config; it needs some testing.
- The Mahsaserver test servers are from Canada. If the user turns on this option, the config links cannot be imported to the Mahsaserver. This needs to be resolved.
We can use https://github.com/compassvpn/ir-access to fetch all Iranian IPv4 and IPv6 addresses and then set up a simple nftables to only allow these IPs. (except SSH)
Challenges: