@tguruslan
Last active November 14, 2023 13:44
update cloudflare ips list
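#!/bin/bash -x
# Allow HTTP/HTTPS in the public zone only from Cloudflare's published ranges
# and the addresses in /root/whitelist_v4.txt and /root/whitelist_v6.txt.

# Fetch both lists before changing anything: if a download fails or comes back
# empty, stop here rather than remove the existing rules and add none.
declare -A cf_ips
for ipv in v4 v6; do
  cf_ips[$ipv]=$(curl -fsS "https://www.cloudflare.com/ips-${ipv}") && [ -n "${cf_ips[$ipv]}" ] || exit 1
done

# Drop the blanket http/https services; access is granted per source below.
firewall-cmd --zone=public --remove-service=http --permanent
firewall-cmd --zone=public --remove-service=https --permanent
for ipv in v4 v6; do
  # Remove the rich rules left by the previous run (addresses read from the permanent http rules).
  for i in $(firewall-cmd --zone=public --permanent --list-all | grep http | grep "ip${ipv}" | awk '{print $4}' | awk -F '"' '{print $2}' | sort -u); do
    # Inner quotes are escaped so firewalld receives the documented rich-rule syntax.
    firewall-cmd --zone=public --permanent --remove-rich-rule "rule family=\"ip${ipv}\" source address=\"$i\" service name=\"http\" accept"
    firewall-cmd --zone=public --permanent --remove-rich-rule "rule family=\"ip${ipv}\" source address=\"$i\" service name=\"https\" accept"
    firewall-cmd --zone=public --permanent --remove-rich-rule "rule family=\"ip${ipv}\" source address=\"$i\" port port=\"80\" protocol=\"tcp\" accept"
    firewall-cmd --zone=public --permanent --remove-rich-rule "rule family=\"ip${ipv}\" source address=\"$i\" port port=\"443\" protocol=\"tcp\" accept"
  done
  # Re-add rules for the local whitelist and the current Cloudflare ranges.
  for i in $(cat "/root/whitelist_${ipv}.txt") ${cf_ips[$ipv]}; do
    firewall-cmd --zone=public --permanent --add-rich-rule "rule family=\"ip${ipv}\" source address=\"$i\" service name=\"http\" accept"
    firewall-cmd --zone=public --permanent --add-rich-rule "rule family=\"ip${ipv}\" source address=\"$i\" service name=\"https\" accept"
    firewall-cmd --zone=public --permanent --add-rich-rule "rule family=\"ip${ipv}\" source address=\"$i\" port port=\"80\" protocol=\"tcp\" accept"
    firewall-cmd --zone=public --permanent --add-rich-rule "rule family=\"ip${ipv}\" source address=\"$i\" port port=\"443\" protocol=\"tcp\" accept"
  done
done
# Apply the permanent configuration to the running firewall.
firewall-cmd --reload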