ufw rule set that allows HTTP/HTTPS (TCP 80/443) only from Cloudflare's published IPv4/IPv6 ranges and drops it from every other source; SSH stays open from anywhere. Note that the firewall is reset and rebuilt from scratch on every run.
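#!/usr/bin/env bash
# Restrict HTTP/HTTPS on this host to Cloudflare's published edge ranges using ufw.
#
# Steps: fetch https://www.cloudflare.com/ips-v4 and /ips-v6, validate the
# entries, reset ufw, allow SSH from anywhere, allow TCP 80/443 only from the
# fetched ranges, drop all other 80/443 traffic, re-enable ufw and print the
# numbered rule set.  Must run as root.  Re-running is safe because the rule
# set is rebuilt from scratch; schedule it periodically so the allow-list
# tracks changes to Cloudflare's ranges.
#
# Review notes:
#  - Between `ufw --force reset` and `ufw enable` the firewall is disabled, so
#    any failure in that window leaves the host unfiltered.  The list is
#    therefore fetched and validated *before* the reset, and a failed fetch
#    (network error, HTTP error, empty or unexpected body) aborts without
#    touching ufw.  The original wrote `curl -s` (no -f) into a fixed
#    /tmp path, which silently produced an empty or garbage list.
#  - The allow rules are for TCP 80/443 only, not "all ports" as the old
#    comment claimed.
#  - IPv6 rules presumably need IPV6=yes in /etc/default/ufw — confirm on the
#    target host before relying on the v6 entries.
#  - Only allowing Cloudflare's ranges stops direct-to-origin access; it does
#    not prove a request came through *your* zone (any Cloudflare customer can
#    reach the origin).  Pair with Authenticated Origin Pulls / an origin
#    secret if that matters.
set -euo pipefail

CF_IPV4_URL='https://www.cloudflare.com/ips-v4'
CF_IPV6_URL='https://www.cloudflare.com/ips-v6'
readonly CF_IPV4_URL CF_IPV6_URL

# Print a message to stderr and exit non-zero.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Shape-check one allow-list entry so that an unexpected response body
# (captive portal, error page, HTML) never reaches the ufw command line.
# This is a syntactic check, not a full address validator.
# Arguments: $1 - candidate entry
# Returns:   0 if it looks like an IPv4 or IPv6 CIDR, 1 otherwise
#######################################
is_cidr() {
  local candidate=$1
  [[ $candidate =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]] ||
    [[ $candidate =~ ^[0-9A-Fa-f:]+/[0-9]{1,3}$ ]]
}

main() {
  [[ $EUID -eq 0 ]] || die "must run as root (ufw needs it)"
  command -v ufw >/dev/null || die "ufw not found"
  command -v curl >/dev/null || die "curl not found"

  # Unpredictable temp file (the original used a fixed /tmp path) and
  # cleanup on every exit path.
  local listfile
  listfile=$(mktemp) || die "mktemp failed"
  trap 'rm -f -- "$listfile"' EXIT

  # -f: HTTP errors become non-zero exits.  --proto =https: never downgrade
  # the source of a firewall allow-list to plain HTTP.  A bounded timeout
  # keeps a hung fetch from stalling the (cron) run indefinitely.
  local url
  for url in "$CF_IPV4_URL" "$CF_IPV6_URL"; do
    curl -fsS --proto '=https' --max-time 30 -- "$url" >>"$listfile" \
      || die "failed to fetch $url"
    printf '\n' >>"$listfile"   # the lists may lack a trailing newline
  done

  # Read entries line by line (no word-splitting/globbing), skip blanks,
  # and refuse anything that does not look like a CIDR.
  local -a cidrs=()
  local entry
  while IFS= read -r entry || [[ -n $entry ]]; do
    [[ -z $entry ]] && continue
    is_cidr "$entry" || die "unexpected entry in Cloudflare list: '$entry'"
    cidrs+=("$entry")
  done <"$listfile"
  (( ${#cidrs[@]} > 0 )) || die "Cloudflare IP list is empty; firewall left untouched"

  # From here on the firewall is disabled until `ufw enable` below.
  ufw --force reset

  # SSH from anywhere; tighten to an admin range if one is known.
  ufw allow ssh

  local cidr
  for cidr in "${cidrs[@]}"; do
    ufw allow from "$cidr" to any port 80,443 proto tcp comment 'Cloudflare'
  done

  # ufw evaluates rules in order, so these come after the allows.  `deny`
  # drops silently (use `reject` to send a response).  Explicit even though
  # the post-reset default is deny-incoming, so the intent survives a later
  # change to the default policy.
  ufw deny 80
  ufw deny 443

  # `reset` disabled ufw; re-enable without the interactive prompt.
  ufw --force enable
  ufw reload >/dev/null

  # Show the resulting rule set for verification.
  ufw status numbered
}

main "$@"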