    Open ports to Cloudflare with UFW
  
        
  
    
    
  
  
    
  | #!/usr/bin/env bash | |
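# Instructions:
#
# 1) Place this script in the /root/ directory, give it proper permissions.
#    $ sudo chmod +x /root/open-cloudflare.sh
#
# 2) Open root's cron job editor
#    $ sudo crontab -e
#
# 3) Add the following to the last line. A per-user crontab (which is what
#    `crontab -e` edits) has no user column; a `root` field belongs only in
#    /etc/crontab and /etc/cron.d/* entries.
#    12 0 * * * /root/open-cloudflare.sh
#
# What it does: replaces every ufw rule for port 80 and port 443 with allow
# rules for Cloudflare's published IPv4 ranges.
#
# Security notes:
#  - ALL existing rules whose "To" column is 80 or 443 (optionally with a
#    /proto suffix) are deleted, not only the ones added by an earlier run.
#  - A rule is selected by its "To" column only. Matching the bare text "80"
#    or "443" anywhere in the line would also hit source addresses, other
#    ports such as 8080, and rule numbers, and could delete e.g. an SSH rule.
#  - The list is downloaded and validated BEFORE any rule is removed, so a
#    failed or malformed download leaves the firewall unchanged.
#  - Only the IPv4 list is applied; IPv6 is not handled by this script.

# Actual script:
set -u

readonly CLOUDFLARE_IPV4_URL="https://www.cloudflare.com/ips-v4"

# Print a message on stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Download the Cloudflare IPv4 list and print it, one range per line.
# Returns non-zero (printing nothing) when the download fails or when any
# non-empty line is not a plain IPv4 address or CIDR, so an HTML error page
# or an option-like string never reaches the ufw command line.
fetch_cloudflare_ipv4() {
  local cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
  local body line clean=""
  body=$(curl --fail --silent --show-error --max-time 30 \
    "$CLOUDFLARE_IPV4_URL") || return 1
  while IFS= read -r line || [[ -n "$line" ]]; do
    line=${line%$'\r'}
    [[ -z "$line" ]] && continue
    [[ "$line" =~ $cidr_re ]] || return 1
    clean+="$line"$'\n'
  done <<<"$body"
  [[ -n "$clean" ]] || return 1
  printf '%s' "$clean"
}

# Print the number of the first ufw rule whose "To" column is PORT or
# PORT/<proto>; print nothing when no such rule is left.
# Assumes `ufw status numbered` lines look like `[ N] <to> <action> <from>`.
first_rule_for_port() {
  local port=$1
  sudo ufw status numbered |
    awk -v port="$port" -F'[][]' '
      NF >= 3 {
        split($3, col, " ")
        if (col[1] == port || index(col[1], port "/") == 1) {
          gsub(/[^0-9]/, "", $2)
          print $2
          exit
        }
      }'
}

# Delete every rule for PORT. Rule numbers shift after each deletion, so the
# first match is looked up again on every pass.
remove_rules_for_port() {
  local port=$1 label=$2 rule_no
  while rule_no=$(first_rule_for_port "$port"); [[ -n "$rule_no" ]]; do
    echo "removing $label rule"
    # Without this check a failing delete would spin forever on the same rule.
    sudo ufw --force delete "$rule_no" ||
      die "could not delete rule $rule_no for port $port"
  done
}

# Allow each given range to reach SERVICE (http or https).
# Keeps going after a failed rule so the remaining ranges are still allowed,
# and returns non-zero if any rule could not be added.
allow_ranges_on_port() {
  local service=$1 label=$2 cidr status=0
  shift 2
  echo "adding IPv4 $label"
  for cidr in "$@"; do
    echo "adding '$cidr' $service"
    if ! sudo ufw allow from "$cidr" to any port "$service"; then
      printf 'warning: could not add %s for %s\n' "$cidr" "$service" >&2
      status=1
    fi
  done
  return "$status"
}

main() {
  local list status=0
  local -a ranges=()

  list=$(fetch_cloudflare_ipv4) ||
    die "no valid IPv4 list from $CLOUDFLARE_IPV4_URL; firewall left unchanged"
  mapfile -t ranges <<<"$list"

  # Remove existing rules
  remove_rules_for_port 80 http
  remove_rules_for_port 443 https

  # Add new rules from the single list fetched above, so both ports get the
  # same set of ranges.
  allow_ranges_on_port http HTTP "${ranges[@]}" || status=1
  allow_ranges_on_port https HTTPS "${ranges[@]}" || status=1
  return "$status"
}

main "$@"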
  