Open ports to Cloudflare with UFW
#!/usr/bin/env bash
# Instructions:
#
# 1) Place this script in the /root/ directory, give it proper permissions.
# $ sudo chmod +x /root/open-cloudflare.sh
#
# 2) Open the cron job editor
# $ sudo crontab -e
#
# 3) Add the following as the last line (root's own crontab has no user field)
# 12 0 * * * /root/open-cloudflare.sh
# Actual script:
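IFS=$'\n'
# Fetch the Cloudflare IPv4 ranges once, before touching the firewall, so a
# failed download cannot leave ports 80/443 without any allow rules.
ranges=$(curl -fsS "https://www.cloudflare.com/ips-v4")
if [ -z "$ranges" ]; then
  echo "could not fetch Cloudflare IP ranges, leaving rules unchanged" >&2
  exit 1
fi
# Remove existing rules
# Match the port in the "To" column only; matching '80' or '443' anywhere on
# the line would also hit rule numbers and addresses such as 10.80.0.0/16.
# IPv4 HTTP
while true; do
  i=$(sudo ufw status numbered | awk -F"[][]" '$3 ~ "^ *80(/| |$)" {gsub(/ /, "", $2); print $2; exit}')
  if [ -n "$i" ]; then
    echo "removing http rule"
    sudo ufw --force delete "$i"
  else
    break
  fi
done
# IPv4 HTTPS
while true; do
  i=$(sudo ufw status numbered | awk -F"[][]" '$3 ~ "^ *443(/| |$)" {gsub(/ /, "", $2); print $2; exit}')
  if [ -n "$i" ]; then
    echo "removing https rule"
    sudo ufw --force delete "$i"
  else
    break
  fi
done
# Add new rules
# IPv4 HTTP
echo "adding IPv4 HTTP"
for i in $ranges; do
  echo "adding '$i' http"
  sudo ufw allow from "$i" to any port http
done
# IPv4 HTTPS
echo "adding IPv4 HTTPS"
for i in $ranges; do
  echo "adding '$i' https"
  sudo ufw allow from "$i" to any port https
done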