LinuxCommandLibrary

flarectl

Manage Cloudflare resources from the command line

TLDR

Block a specific IP

$ flarectl firewall rules create --zone="[example.com]" --value="[8.8.8.8]" --mode="[block]" --notes="[Block bad actor]"
copy

Add a DNS record
$ flarectl dns create --zone="[example.com]" --name="[app]" --type="[CNAME]" --content="[myapp.herokuapp.com]" --proxy
copy

List all Cloudflare IPv4/IPv6 ranges
$ flarectl ips --ip-type [ipv4|ipv6|all]
copy

Create many new Cloudflare zones automatically with names from domains.txt
$ for domain in $(cat [domains.txt]); do flarectl zone info --zone=$domain; done
copy

List all firewall rules
$ flarectl firewall rules list
copy

SYNOPSIS

flarectl [OPTIONS] <COMMAND> [<ARGS>]...

PARAMETERS

--api-email string
    Email for API key authentication

--api-key string
    Global API key (use with --api-email)

--api-token string
    Preferred: API token for authentication

--config string
    Path to config file (default ~/.config/flarectl/config.yml)

--debug
    Enable debug logging

--help, -h
    Show help

--url string
    API base URL (default https://api.cloudflare.com)

--version, -v
    Print version info

DESCRIPTION

flarectl is an open-source command-line interface developed by Cloudflare for managing resources via the Cloudflare API. It simplifies tasks like creating, listing, and deleting Tunnels, Access policies, Gateways, DNS records, and more in Zero Trust environments.

Key features include support for Zero Trust (Access Apps, Service Tokens, WARP clients), Cloudflare Tunnel management, and account/zone operations. Authentication uses API tokens or key/email pairs. It's ideal for automation, scripting, and DevOps workflows.

Built in Go, it's cross-platform (Linux, macOS, Windows) with autocompletion for shells like bash/zsh/fish. Use it to deploy tunnels without the cloudflared daemon interactively, inspect configurations, or integrate with CI/CD pipelines.

Compared to the official cloudflared tool, flarectl offers broader API coverage beyond just tunnels.

CAVEATS

Requires valid Cloudflare API credentials with appropriate permissions.
Rate-limited by Cloudflare API quotas.
Not all API endpoints supported; check docs for gaps.

INSTALLATION

Download binaries from GitHub releases or brew install cloudflare/flarectl/flarectl on macOS.

COMMON COMMANDS

tunnel create mytunnel
access app list
account list

HISTORY

First released in 2021 by Cloudflare as open-source (Apache-2.0). Active development with v0.3.x in 2024, adding Zero Trust features. Replaces ad-hoc API scripting.

SEE ALSO

cloudflared(8), curl(1), jq(1)

Copied to clipboard