KiNgMaR · January 22, 2024 17:28 · iMiMx · Feb 23, 2022 · KiNgMaR · Feb 23, 2022
diff --git a/cloudflare-ipset.sh b/cloudflare-ipset.sh
 #!/bin/bash

 # name of the ipset - v4 or v6 will be appended.
 IPSET_NAME=cloudflare-

 # argument: v4 or v6 (defaults to v4)
 cloudflare_ipset ()
 {
        local ipv
        local inetv

        if [ -z "$1" ]; then ipv="v4"; else ipv="$1"; fi

        if [ "$ipv" = "v4" ]
                then inetv="inet"
                else inetv="inet6"
        fi

        IPSET_NAME="$IPSET_NAME$ipv"

        local content_re='^[0-9a-f:.\r\n/ ]+$'

        local url="https://www.cloudflare.com/ips-$ipv/"
        local ipdata; # local is a command that affects $?, so must be separate!
        ipdata=$(curl --fail -L "$url" 2>/dev/null | tr -s "[:space:]" " ")
        local ret=$?

        if [ $ret -eq 0 ] && [[ $ipdata =~ $content_re ]]; then
                if ipset list $IPSET_NAME 2>/dev/null 1>/dev/null
                then
                        echo "Updating $IPSET_NAME set..."
                        ipset flush $IPSET_NAME
                else
                        echo "Creating $IPSET_NAME set..."
                        ipset create $IPSET_NAME hash:net family $inetv
                fi
                for i in $ipdata
                do
                        ipset add $IPSET_NAME $i
                done

                local count=`ipset list $IPSET_NAME | wc -l`
                count=$((count-7))
                echo "Set $IPSET_NAME now has $count entries."
                return 0
        else
                echo "Download failed, sets not modified."
                return 1
        fi
 }

 cloudflare_ipset "$1"

 exit $?
diff --git a/cloudflare-iptables.sh b/cloudflare-iptables.sh
 #!/bin/bash

 # name of the custom chain:
 CHAIN_NAME=cloudflare
 # target for the last (default) rule in the chain:
 # (use REJECT, DROP or a custom chain name, ACCEPT would not make sense)
 CHAIN_POLICY=DROP

 # argument: v4 or v6 (defaults to v4)
 cloudflare_iptables ()
 {
        local ipv

        if [ -z "$1" ]; then ipv="v4"; else ipv="$1"; fi

        local iptcmd
        if [ "$ipv" = "v4" ]
                then iptcmd="iptables"
                else iptcmd="ip6tables"
        fi

        local content_re='^[0-9a-f:.\r\n/ ]+$'

        local url="https://www.cloudflare.com/ips-$ipv/"
        local ipdata; # local is a command that affects $?, so must be separate!
        ipdata=$(curl --fail -L "$url" 2>/dev/null | tr -s "[:space:]" " ")
        local ret=$?

        if [ $ret -eq 0 ] && [[ $ipdata =~ $content_re ]]; then
                if $iptcmd --list-rules $CHAIN_NAME 2>/dev/null 1>/dev/null
                then
                        echo "Updating $CHAIN_NAME chain..."
                        $iptcmd --flush $CHAIN_NAME
                else
                        echo "Creating $CHAIN_NAME chain..."
                        $iptcmd --new-chain $CHAIN_NAME
                fi
                for i in $ipdata
                do
                        $iptcmd -A $CHAIN_NAME -s $i -j ACCEPT
                done
                $iptcmd -A $CHAIN_NAME -j $CHAIN_POLICY

                local count=`$iptcmd --list-rules $CHAIN_NAME | wc -l`
                count=$((count-1))
                echo "Chain $CHAIN_NAME now has $count rules."
                return 0
        else
                echo "Download failed, chains not modified."
                return 1
        fi
 }

 cloudflare_iptables "$1"

 exit $?
	#!/bin/bash

	# name of the ipset - v4 or v6 will be appended.
	IPSET_NAME=cloudflare-

	# argument: v4 or v6 (defaults to v4)
	cloudflare_ipset ()
	{
	local ipv
	local inetv

	if [ -z "$1" ]; then ipv="v4"; else ipv="$1"; fi

	if [ "$ipv" = "v4" ]
	then inetv="inet"
	else inetv="inet6"
	fi

	IPSET_NAME="$IPSET_NAME$ipv"

	local content_re='^[0-9a-f:.\r\n/ ]+$'

	local url="https://www.cloudflare.com/ips-$ipv/"
	local ipdata; # local is a command that affects $?, so must be separate!
	ipdata=$(curl --fail -L "$url" 2>/dev/null \| tr -s "[:space:]" " ")
	local ret=$?

	if [ $ret -eq 0 ] && [[ $ipdata =~ $content_re ]]; then
	if ipset list $IPSET_NAME 2>/dev/null 1>/dev/null
	then
	echo "Updating $IPSET_NAME set..."
	ipset flush $IPSET_NAME
	else
	echo "Creating $IPSET_NAME set..."
	ipset create $IPSET_NAME hash:net family $inetv
	fi
	for i in $ipdata
	do
	ipset add $IPSET_NAME $i
	done

	local count=`ipset list $IPSET_NAME \| wc -l`
	count=$((count-7))
	echo "Set $IPSET_NAME now has $count entries."
	return 0
	else
	echo "Download failed, sets not modified."
	return 1
	fi
	}

	cloudflare_ipset "$1"

	exit $?
	#!/bin/bash

	# name of the custom chain:
	CHAIN_NAME=cloudflare
	# target for the last (default) rule in the chain:
	# (use REJECT, DROP or a custom chain name, ACCEPT would not make sense)
	CHAIN_POLICY=DROP

	# argument: v4 or v6 (defaults to v4)
	cloudflare_iptables ()
	{
	local ipv

	if [ -z "$1" ]; then ipv="v4"; else ipv="$1"; fi

	local iptcmd
	if [ "$ipv" = "v4" ]
	then iptcmd="iptables"
	else iptcmd="ip6tables"
	fi

	local content_re='^[0-9a-f:.\r\n/ ]+$'

	local url="https://www.cloudflare.com/ips-$ipv/"
	local ipdata; # local is a command that affects $?, so must be separate!
	ipdata=$(curl --fail -L "$url" 2>/dev/null \| tr -s "[:space:]" " ")
	local ret=$?

	if [ $ret -eq 0 ] && [[ $ipdata =~ $content_re ]]; then
	if $iptcmd --list-rules $CHAIN_NAME 2>/dev/null 1>/dev/null
	then
	echo "Updating $CHAIN_NAME chain..."
	$iptcmd --flush $CHAIN_NAME
	else
	echo "Creating $CHAIN_NAME chain..."
	$iptcmd --new-chain $CHAIN_NAME
	fi
	for i in $ipdata
	do
	$iptcmd -A $CHAIN_NAME -s $i -j ACCEPT
	done
	$iptcmd -A $CHAIN_NAME -j $CHAIN_POLICY

	local count=`$iptcmd --list-rules $CHAIN_NAME \| wc -l`
	count=$((count-1))
	echo "Chain $CHAIN_NAME now has $count rules."
	return 0
	else
	echo "Download failed, chains not modified."
	return 1
	fi
	}

	cloudflare_iptables "$1"

	exit $?