Created
December 3, 2021 17:29
-
-
Save floatzeI/b6896228d1eb68ca467a26a83be313ce to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Modified version of this: https://github.com/Paul-Reed/cloudflare-ufw/blob/master/cloudflare-ufw.sh | |
| # Apache 2.0 - https://github.com/Paul-Reed/cloudflare-ufw/blob/master/LICENSE | |
| # This is edited to automatically delete old CF ips before adding new ones, instead of the original script, which just adds new CF ips while ignoring old ones. | |
| curl -s https://www.cloudflare.com/ips-v4 -o /tmp/cf_ips | |
| echo "" >> /tmp/cf_ips | |
| curl -s https://www.cloudflare.com/ips-v6 >> /tmp/cf_ips | |
| # Restrict to ports 80 & 443 | |
| # delete old ips | |
| while true; do | |
| result=$(ufw status numbered |(grep 'Cloudflare'|head -1|awk -F"[][]" '{print $2}')); | |
| echo $result; | |
| if [ -z "$result" ]; | |
| then | |
| break; | |
| else | |
| yes y | ufw delete $result | |
| fi | |
| done | |
| #for cfip in $(ufw status numbered |(grep 'Cloudflare'|awk -F"[][]" '{print $2}')); do yes y | ufw delete $cfip; done; | |
| for cfip in `cat /tmp/cf_ips`; do ufw allow proto tcp from $cfip to any port 80,443 comment 'Cloudflare IP'; done | |
| ufw reload > /dev/null |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment