Form an expression

Rules are written as using the Cloudflare Rules language - a domain-specific language (DSL) intended to mimic Wireshark semantics. For more information, refer to the Rules language documentation.

To start with a simple case, review below how you would match a source IP:

Expressions can be more complex by joining multiple clauses via a logical operator:

​​ Capabilities

You can use Magic Firewall to skip or block packets based on source or destination IP, source or destination port, protocol, packet length, or bit field match.

​​ Restrictions

Wirefilter comparisons support CIDR notation, but only inside sets. For example:

Expressions have a complexity limit that is easily reached when many joined or nested clauses are in the expression. Here’s an example:

If the limit is reached, the response will have a 400 status code and an error message of ruleset exceeds complexity constraints. Split the expression into multiple rules and try again.