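#!/bin/bash
# Walkthrough: restrict inbound HTTP/HTTPS in ufw to Cloudflare's published
# edge ranges, so origin traffic on 80/443 can only arrive via Cloudflare.
#
# Section 1 is the body of /usr/local/sbin/ufw-cloudflare-sync.sh and runs
# inline here (it calls ufw directly, so this walkthrough needs root).
# Sections 2-4 are the install / cron / sanity-check steps from the notes;
# `sudo nano` and `sudo crontab -e` are interactive and block until closed.
set -euo pipefail

echo "=================================================================================="
echo "/usr/local/sbin/ufw-cloudflare-sync.sh..."

# --- begin contents of /usr/local/sbin/ufw-cloudflare-sync.sh -------------------
CF_IPV4_URL="https://www.cloudflare.com/ips-v4"
CF_IPV6_URL="https://www.cloudflare.com/ips-v6"
# Shapes a fetched line must have before it is handed to `ufw allow from`.
CIDR4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
CIDR6_RE='^[0-9A-Fa-f:]+/[0-9]{1,3}$'
readonly CF_IPV4_URL CF_IPV6_URL CIDR4_RE CIDR6_RE

#######################################
# Download one Cloudflare range list and print its CIDRs, one per line.
# Nothing is printed unless every non-empty line matched the pattern, so a
# caller never sees a partial list.
# Arguments: $1 - URL of the list
#            $2 - ERE that every line must match
# Outputs:   validated CIDRs on stdout; diagnostics on stderr
# Returns:   0 on success; 1 if curl fails, the body is empty, or any line
#            does not look like a CIDR
#######################################
fetch_ranges() {
  local url=$1 pattern=$2 body line
  local -a found=()
  # -f makes an HTTP error status a non-zero exit instead of an HTML page
  # that would otherwise be parsed as "ranges".
  body=$(curl -fsSL "$url") || return 1
  if [[ -z "$body" ]]; then
    printf 'empty response from %s\n' "$url" >&2
    return 1
  fi
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -n "$line" ]] || continue
    if [[ ! "$line" =~ $pattern ]]; then
      printf 'unexpected line from %s: %s\n' "$url" "$line" >&2
      return 1
    fi
    found+=("$line")
  done <<<"$body"
  if (( ${#found[@]} == 0 )); then
    printf 'no ranges found in %s\n' "$url" >&2
    return 1
  fi
  printf '%s\n' "${found[@]}"
}

echo "Fetching Cloudflare IP ranges..."
# Fetch and validate BEFORE touching the firewall: a failed or malformed
# download must not leave the host with its 80/443 rules already deleted
# and nothing added in their place.
mapfile -t CF_IPV4 < <(fetch_ranges "$CF_IPV4_URL" "$CIDR4_RE")
mapfile -t CF_IPV6 < <(fetch_ranges "$CF_IPV6_URL" "$CIDR6_RE")
# A process substitution does not propagate fetch_ranges' exit status, so
# the array lengths are the real success check.
if (( ${#CF_IPV4[@]} == 0 || ${#CF_IPV6[@]} == 0 )); then
  printf 'could not fetch Cloudflare ranges, firewall left unchanged\n' >&2
  exit 1
fi

echo "Removing existing Cloudflare HTTP/HTTPS rules..."
# Every rule mentioning 80/tcp or 443/tcp is removed (not only those tagged
# Cloudflare) so that afterwards only the freshly added ranges can reach the
# web ports. Preview the exact set that is about to be deleted.
ufw status numbered | grep -E '80/tcp|443/tcp' || true

# Rule numbers, highest first, so deleting one does not renumber the rest.
# `|| true`: grep exits 1 when there is nothing to remove (first run, ufw
# inactive) and pipefail would otherwise abort the script right here.
mapfile -t RULE_NUMS < <(
  ufw status numbered \
    | grep -E '80/tcp|443/tcp' \
    | awk -F'[][]' '{ gsub(/ /, "", $2); print $2 }' \
    | grep -E '^[0-9]+$' \
    | sort -rn || true
)
for num in "${RULE_NUMS[@]}"; do
  # --force skips the "Proceed with operation (y|n)?" prompt; without it a
  # non-interactive run hangs, or the prompt consumes the next rule number
  # when ufw shares stdin with a piped loop.
  ufw --force delete "$num"
done

echo "Adding Cloudflare IPv4 rules..."
for ip in "${CF_IPV4[@]}"; do
  ufw allow from "$ip" to any port 80 proto tcp comment 'Cloudflare HTTP'
  ufw allow from "$ip" to any port 443 proto tcp comment 'Cloudflare HTTPS'
done

echo "Adding Cloudflare IPv6 rules..."
# NOTE(review): ufw only accepts IPv6 sources when IPV6=yes in
# /etc/default/ufw — confirm on the target host before relying on these.
for ip in "${CF_IPV6[@]}"; do
  ufw allow from "$ip" to any port 80 proto tcp comment 'Cloudflare HTTP'
  ufw allow from "$ip" to any port 443 proto tcp comment 'Cloudflare HTTPS'
done

ufw reload
echo "Done. Cloudflare-only HTTP/HTTPS rules updated."
# --- end contents of /usr/local/sbin/ufw-cloudflare-sync.sh ---------------------
echo "Done..."
echo "=================================================================================="

echo "=================================================================================="
echo "Install & use..."
# Paste the section above into the editor, then make it executable and run it.
sudo nano /usr/local/sbin/ufw-cloudflare-sync.sh
sudo chmod +x /usr/local/sbin/ufw-cloudflare-sync.sh
sudo /usr/local/sbin/ufw-cloudflare-sync.sh
echo "Done..."
echo "=================================================================================="

echo "=================================================================================="
echo "Cloudflare changes IP ranges rarely, but this is safe:..."
sudo crontab -e
echo "Done..."
echo "=================================================================================="

echo "=================================================================================="
echo "Add:..."
# The crontab entry to paste (04:00 on the 1st of every month). It is
# printed rather than executed: as a shell command the line would try to
# run `0` and abort the walkthrough under set -e. The redirections also
# silence a failed sync, so watch `ufw status` (or drop `2>&1`) if you
# want to notice one.
cat <<'EOF'
0 4 1 * * /usr/local/sbin/ufw-cloudflare-sync.sh >/dev/null 2>&1
EOF
echo "Done..."
echo "=================================================================================="

echo "=================================================================================="
echo "Final sanity check..."
sudo ufw status verbose
echo "Done..."
echo "=================================================================================="
exit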