Skip to content

Instantly share code, notes, and snippets.

@ninjatrench
Created January 25, 2018 17:29
Show Gist options
  • Save ninjatrench/7daf3555a8171fa6f144e5bf11e30da4 to your computer and use it in GitHub Desktop.
Save ninjatrench/7daf3555a8171fa6f144e5bf11e30da4 to your computer and use it in GitHub Desktop.
Script (For Linux Servers) to Prevent Real IP address Leak Protected Behind CloudFlare
#!/bin/bash
if [[ $EUID -ne 0 ]]; then
echo "[-] This script must be run as root [-]"
exit 1
fi
echo "[+] Reseting Initiated [+]"
ufw disable
echo "[?] Current Status [?]"
ufw status numbered verbose
echo "[+] Downloading Rules [+]"
wget https://www.cloudflare.com/ips-v4 -O ips-v4.tmp
wget https://www.cloudflare.com/ips-v6 -O ips-v6.tmp
mv ips-v4.tmp ips-v4
mv ips-v6.tmp ips-v6
echo "[+] Updating Rules [+]"
ufw reset
ufw default deny incoming
ufw default allow outgoing
#ufw allow ssh
#ufw limit 22/tcp
#ufw allow in on eth1 to any port 80
for cfip in `cat ips-v4`; do ufw allow from $cfip to any port 80 proto tcp; done
for cfip in `cat ips-v6`; do ufw allow from $cfip to any port 80 proto tcp; done
for cfip in `cat ips-v4`; do ufw allow from $cfip to any port 443 proto tcp; done #SSL
for cfip in `cat ips-v6`; do ufw allow from $cfip to any port 443 proto tcp; done #SSL
#ufw allow www
#ufw allow in on eth1 to any port 6379 # Redis
#ufw allow in on eth1 to any port 27017 #MongoDB
ufw enable
echo "[?] Current Status [?]"
ufw status numbered verbose
echo "[-] Removing temp files [-]"
rm ips-v4
rm ips-v6
echo "[+] Done [+]"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment