SzymonLisowiec · June 9, 2023 21:47
diff --git a/readme.md b/readme.md
diff --git a/cloudflare-ufw.sh b/cloudflare-ufw.sh
 #!/bin/sh
 #
 #  UFW rule updater to only allow HTTP and HTTPS traffic from Cloudflare IP addresses.
 #  Inspired by https://github.com/Paul-Reed/cloudflare-ufw/blob/master/cloudflare-ufw.sh
 #
 #  To run as a daily cron job:
 #    1. sudo crontab -e
 #    2. Add this line to the end:
 #        @daily /this/file/location/cloudflare-ufw.sh &> /dev/null

 # Fetch latest IP range lists (both v4 and v6) directly from Cloudflare
 curl -s https://www.cloudflare.com/ips-v4 -o /tmp/cf_ips
 echo "\n" >> /tmp/cf_ips
 curl -s https://www.cloudflare.com/ips-v6 >> /tmp/cf_ips

 # Restrict traffic to ports 80 (TCP) & 443 (TCP)
 # UFW will skip an IP range if a rule already exists for it (which it probably does)
 for ip in `cat /tmp/cf_ips`; do ufw allow proto tcp from $ip to any port 80,443 comment 'Cloudflare'; done

 # Clear downloaded lists from above
 rm /tmp/cf_ips

 # Need to reload UFW for any new rules to take effect
 ufw reload
	#!/bin/sh
	#
	# UFW rule updater to only allow HTTP and HTTPS traffic from Cloudflare IP addresses.
	# Inspired by https://github.com/Paul-Reed/cloudflare-ufw/blob/master/cloudflare-ufw.sh
	#
	# To run as a daily cron job:
	# 1. sudo crontab -e
	# 2. Add this line to the end:
	# @daily /this/file/location/cloudflare-ufw.sh &> /dev/null

	# Fetch latest IP range lists (both v4 and v6) directly from Cloudflare
	curl -s https://www.cloudflare.com/ips-v4 -o /tmp/cf_ips
	echo "\n" >> /tmp/cf_ips
	curl -s https://www.cloudflare.com/ips-v6 >> /tmp/cf_ips

	# Restrict traffic to ports 80 (TCP) & 443 (TCP)
	# UFW will skip an IP range if a rule already exists for it (which it probably does)
	for ip in `cat /tmp/cf_ips`; do ufw allow proto tcp from $ip to any port 80,443 comment 'Cloudflare'; done

	# Clear downloaded lists from above
	rm /tmp/cf_ips

	# Need to reload UFW for any new rules to take effect
	ufw reload
No results found