Last active
January 22, 2023 10:01
-
-
Save sudo-gecko/de00abe290ffd8b005dd616633a8ba40 to your computer and use it in GitHub Desktop.
Allow 80, 443 Port Cloudflare only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
if [ $(whoami) != "root" ] | |
then | |
echo "Please run as root" | |
exit | |
fi | |
#ipv4 | |
for i in `curl -s https://www.cloudflare.com/ips-v4` | |
do | |
/sbin/iptables -I INPUT -p tcp -s $i --dport 80 -j ACCEPT | |
/sbin/iptables -I INPUT -p tcp -s $i --dport 443 -j ACCEPT | |
done | |
#ipv6 | |
for i in `curl -s https://www.cloudflare.com/ips-v6` | |
do | |
/sbin/ip6tables -I INPUT -p tcp -s $i --dport 80 -j ACCEPT | |
/sbin/ip6tables -I INPUT -p tcp -s $i --dport 443 -j ACCEPT | |
done | |
#Dropping packets not coming from Cloudflare | |
/sbin/iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP | |
/sbin/ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
curl -sSL https://gist.githubusercontent.com/parkkw472/de00abe290ffd8b005dd616633a8ba40/raw/42976931b534b6591365b71098f211ece5a33edb/Only-Cloudflare.sh | bash
Available on Debian 9,10 / Ubuntu 14.04, 16.04, 18.04, and 20.04.