
@nalakawula
Created November 24, 2023 09:49
UFW script that allows the Cloudflare IP ranges on ports 80/443 and denies those ports to every other source IP.

#!/usr/bin/env bash
set -euo pipefail
# Get the Cloudflare IPs. -f makes curl fail on an HTTP error instead of
# writing an error page into the list that is then fed to ufw.
curl -fsS https://www.cloudflare.com/ips-v4 -o /tmp/cloudflare_ips
echo "" >> /tmp/cloudflare_ips
curl -fsS https://www.cloudflare.com/ips-v6 >> /tmp/cloudflare_ips
# Reset the firewall to clean stuff (this also disables ufw).
ufw --force reset
# Allow SSH.
ufw allow ssh
# Allow traffic from Cloudflare IPs on ports 80 and 443 only.
# Read line by line with quoting so each prefix is passed to ufw verbatim.
while IFS= read -r ip; do
    [ -n "$ip" ] || continue
    ufw allow from "$ip" to any port 80,443 proto tcp comment 'Cloudflare'
done < /tmp/cloudflare_ips
# Deny 80/443 from everyone else. ufw "deny" drops silently, so a
# non-Cloudflare client gets no response at all (unlike "reject").
ufw deny 80
ufw deny 443
# Make sure the firewall is enabled and started, as the reset above
# stops it. --force skips the interactive "may disrupt ssh" prompt.
ufw --force enable
# Reload ufw.
ufw reload > /dev/null
# Show the rules to verify it worked.
ufw status numbered
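The script above hands whatever curl downloaded straight to ufw as rule arguments while running as root, so an empty body, a redirect page or a proxy error would silently produce a ruleset with no allows and two blanket denies. The following added example (not part of the gist) is a validation layer you can run before the ufw loop: it keeps only lines shaped like IPv4/IPv6 CIDR prefixes, refuses to continue when fewer than a minimum number survive, and renders the resulting `ufw allow` commands as text so they can be reviewed in a dry run first. The function names, the minimum-count threshold and the sample list (documentation ranges, not Cloudflare's) are all assumptions made for this example.

```shell
#!/usr/bin/env bash
set -eu

# Keep only lines that look like an IPv4 or IPv6 CIDR prefix; drop everything
# else (HTML, blank lines, error text). "|| true" keeps an empty result from
# aborting the caller under set -e.
filter_cidrs() {
    grep -E '^(([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])|[0-9A-Fa-f:]+/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]))$' || true
}

# Print the clean prefixes from a downloaded list file, or return non-zero
# when fewer than MIN survive, so a bad download aborts the run instead of
# leaving the host with an empty allow-list plus blanket deny rules.
check_ip_list() {
    local file="$1" min="${2:-10}"
    local clean count
    clean="$(filter_cidrs < "$file")"
    count="$(printf '%s\n' "$clean" | grep -c . || true)"
    if [ "$count" -lt "$min" ]; then
        echo "refusing to continue: only $count valid prefixes in $file" >&2
        return 1
    fi
    printf '%s\n' "$clean"
}

# Render the ufw commands for a validated list as text (one per line).
# Review this output, then pipe it to "sh" as root once it looks right.
render_ufw_rules() {
    local clean
    clean="$(check_ip_list "$1" "${2:-10}")" || return 1
    printf '%s\n' "$clean" | while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        printf "ufw allow from %s to any port 80,443 proto tcp comment 'Cloudflare'\n" "$ip"
    done
}

# Constructed sample list for the demo: two documentation prefixes with a
# stray HTML line mixed in, standing in for a partially failed download.
sample="$(mktemp)"
printf '198.51.100.0/24\n<html>not an ip list</html>\n\n2001:db8::/32\n' > "$sample"
render_ufw_rules "$sample" 2
rm -f "$sample"
```

In the real script, `check_ip_list /tmp/cloudflare_ips` would replace the bare `cat` of the downloaded file, and the threshold should be set from the size of the list you normally see so that a truncated download trips it.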