#!/usr/bin/env bash

# Instructions:
#
# 1) Place this script in the /root/ directory, give it proper permissions.
#	$ sudo chmod +x /root/open-cloudflare.sh
#
# 2) Open the cron job editor
#	$ sudo crontab -e
#
# 3) Add the following to the last line
#	12 0 * * * root /root/open-cloudflare.sh

# Actual script:

IFS=$'\n'

# Remove exsisting rules

# IPv4 HTTP
while true; do
	i=$(sudo ufw status numbered | grep -m1 '80' | awk -F"[][]" '{print $2}')
	if ! [ -z "$i" ]; then
		echo "removing http rule"
        	sudo ufw --force delete $i
	else
		break
	fi
done

# IPv4 HTTPS
while true; do
	i=$(sudo ufw status numbered | grep -m1 '443' | awk -F"[][]" '{print $2}')
	if ! [ -z "$i" ]; then
		echo "removing https rule"
		sudo ufw --force delete $i
	else
		break
	fi
done

# Add new rules

# IPv4 HTTP
echo "adding IPv4 HTTP"
for i in $(curl "https://www.cloudflare.com/ips-v4"); do
	echo "adding '$i' http"
	sudo ufw allow from $i to any port http
done

# IPv4 HTTPS
echo "adding IPv4 HTTPS"
for i in $(curl "https://www.cloudflare.com/ips-v4"); do
	echo "adding '$i' https"
	sudo ufw allow from $i to any port https
done