首页 发现 帮助
登录
kotoyuuko
/
debian-server-init
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: be450666e6
分支列表 标签列表
debian-server-i...
/
scripts
/
update_cloudflare_ips_for_ufw.sh

update_cloudflare_ips_for_ufw.sh 1.0 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839 
  1. #!/bin/bash
    2. 

  2. 

  3. # check root
    4. 

  4. if [[ $EUID -ne 0 ]]; then
    5. 

  5.    exit 1
    6. 

  6. fi
    7. 

  7. 

  8. # Cloudflare IPs URL
    9. 

  9. CF_IPV4_URL="https://www.cloudflare.com/ips-v4"
    10. 

  10. CF_IPV6_URL="https://www.cloudflare.com/ips-v6"
    11. 

  11. 

  12. # remove exist rules
    13. 

  13. CF_RULES=$(ufw status numbered | grep '# Cloudflare' | grep -oP '\[\s*\K\d+(?=\])' | sort -rn)
    14. 

  14. if [ -z "$CF_RULES" ]; then
    15. 

  15.     echo "no rule should be deleted"
    16. 

  16. else
    17. 

  17.     for NUM in $CF_RULES; do
    18. 

  18.         ufw --force delete $NUM
    19. 

  19.     done
    20. 

  20. fi
    21. 

  21. 

  22. # add rules for IPv4
    23. 

  23. while read ip; do
    24. 

  24.     if [[ ! -z "$ip" ]]; then
    25. 

  25.         ufw allow proto tcp from $ip to any port 80 comment 'Cloudflare IPv4 HTTP'
    26. 

  26.         ufw allow proto tcp from $ip to any port 443 comment 'Cloudflare IPv4 HTTPS'
    27. 

  27.     fi
    28. 

  28. done < <(curl -sL "$CF_IPV4_URL")
    29. 

  29. 

  30. # add rules for IPv6
    31. 

  31. while read ip; do
    32. 

  32.     if [[ ! -z "$ip" ]]; then
    33. 

  33.         ufw allow proto tcp from $ip to any port 80 comment 'Cloudflare IPv6 HTTP'
    34. 

  34.         ufw allow proto tcp from $ip to any port 443 comment 'Cloudflare IPv6 HTTPS'
    35. 

  35.     fi
    36. 

  36. done < <(curl -sL "$CF_IPV6_URL")
    37. 

  37. 

  38. # print latest rules
    39. 

  39. ufw status numbered
    40.