From c2b33f6117b3ee54425aa52db594aeb33a7d9a9c Mon Sep 17 00:00:00 2001
From: Dejavu Moe <admin@dejavu.moe>
Date: Wed, 10 May 2023 21:12:16 +0800
Subject: add cloudflare ufw ip scripts

---
 cloudflare/ufw-add-cf-ip.sh | 13 +++++++++++++
 cloudflare/ufw-rm-cf-ip.sh  | 13 +++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 cloudflare/ufw-add-cf-ip.sh
 create mode 100644 cloudflare/ufw-rm-cf-ip.sh

diff --git a/cloudflare/ufw-add-cf-ip.sh b/cloudflare/ufw-add-cf-ip.sh
new file mode 100644
index 0000000..f292346
--- /dev/null
+++ b/cloudflare/ufw-add-cf-ip.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+for ipv4 in `curl -s https://www.cloudflare.com/ips-v4 | tee ips-v4`
+do
+    sudo ufw allow from $ipv4 to any port 80
+    sudo ufw allow from $ipv4 to any port 443
+done
+
+for ipv6 in `curl -s https://www.cloudflare.com/ips-v6 | tee ips-v6`
+do
+    sudo ufw allow from $ipv6 to any port 80
+    sudo ufw allow from $ipv6 to any port 443
+done
\ No newline at end of file
diff --git a/cloudflare/ufw-rm-cf-ip.sh b/cloudflare/ufw-rm-cf-ip.sh
new file mode 100644
index 0000000..990e079
--- /dev/null
+++ b/cloudflare/ufw-rm-cf-ip.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+for ipv4 in `cat ips-v4`
+do
+    sudo ufw delete allow from $ipv4 to any port 80
+    sudo ufw delete allow from $ipv4 to any port 443
+done
+
+for ipv6 in `cat ips-v6`
+do
+    sudo ufw delete allow from $ipv6 to any port 80
+    sudo ufw delete allow from $ipv6 to any port 443
+done
\ No newline at end of file
-- 
cgit v1.2.3-54-g00ecf