cloudflare-ufw-sync

Synchronizes UFW firewall rules with Cloudflare IPs for improved security.

MIT License

Stars
2
View Code on GitHub
Ecosystems: Cloudflare, Linux, Shell

Cloudflare UFW Updater

A Bash script to automatically update UFW (Uncomplicated Firewall) rules to allow incoming HTTP and HTTPS traffic only from Cloudflare IP addresses.

Features

  • Fetches the latest Cloudflare IP addresses (IPv4 and IPv6) from the official Cloudflare API.
  • Updates UFW rules to allow incoming traffic on specified ports only from Cloudflare IP addresses.
  • Supports customization through a configuration file or environment variables.
  • Provides logging functionality to track script execution and any errors encountered.
  • Includes error handling and dependency checks to ensure smooth operation.
  • Supports backup and restore of UFW rules for easy rollback if needed.

Prerequisites

  • UFW (Uncomplicated Firewall) installed and enabled on your system.
  • Bash shell environment.
  • curl command-line tool for fetching Cloudflare IP addresses.

Installation

  1. Clone the repository or download the script file:

    git clone https://github.com/yourusername/cloudflare-ufw-updater.git

  2. Make the script executable:

    chmod +x cloudflare-ufw-updater.sh

  3. (Optional) Create a configuration file at /etc/cloudflare-ufw-updater.conf to customize the script's behavior. See the "Configuration" section for more details.

Usage

Run the script with root privileges:

sudo ./cloudflare-ufw-updater.sh

The script will fetch the latest Cloudflare IP addresses, update the UFW rules, and reload UFW to apply the changes.

Configuration

The script can be customized through a configuration file or environment variables.

Configuration File

Create a configuration file at /etc/cloudflare-ufw-updater.conf with the following variables:

# Cloudflare IP address URLs
CLOUDFLARE_IPV4_URL="https://www.cloudflare.com/ips-v4"
CLOUDFLARE_IPV6_URL="https://www.cloudflare.com/ips-v6"

# Allowed HTTP/HTTPS ports
ALLOWED_HTTP_PORTS="80,443,8080"

# Cloudflare UFW rule label
CLOUDFLARE_RULE_LABEL="Cloudflare"

# Log file path
LOG_FILE="/var/log/cloudflare-ufw-updater.log"

# Backup file path
BACKUP_FILE="/etc/ufw/cloudflare-ufw-updater.backup"

Adjust the values according to your requirements.

Environment Variables

You can also set configuration values using environment variables. The script will prioritize environment variables over the values in the configuration file.

Example:

LOG_FILE="/path/to/custom/log.txt" ./cloudflare-ufw-updater.sh

Logging

The script logs its execution details and any errors encountered to the specified log file (default: /var/log/cloudflare-ufw-updater.log). You can customize the log file path in the configuration file or through the LOG_FILE environment variable.

Backup and Restore

The script automatically creates a backup of the current UFW rules before making any changes. The backup file is stored at the path specified by the BACKUP_FILE variable (default: /etc/ufw/cloudflare-ufw-updater.backup).

To restore the UFW rules from the backup file, run the script with the --restore flag:

sudo ./cloudflare-ufw-updater.sh --restore

License

This script is released under the MIT License.

Contributing

Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request on the GitHub repository.

Related Projects
cloudflare-ddns-update

Cloudflare Dynamic DNS updater

28 Apr 2023 2
fds

The go-to FirewallD CLI app.

28 Jan 2020 12
cloudflare-ufw-updater

🔥 🧱 UFW rule updater to only allow HTTP and HTTPS traffic from Cloudflare IP address ranges

06 Dec 2019 21
cloudflare-ddns

🌟 A small, feature-rich, and robust Cloudflare DDNS updater

04 Jun 2021 503
python-cloudflare-cli4

CLI for Cloudflare API v4

07 May 2024 0
cloudflare-ufw

Script to update UFW with Cloudflare IPs

01 Aug 2016 630
api-failover

Using the Cloudflare API to change DNS records to maximize uptime

15 Oct 2022 7
cloudflare-ddns-updater

Dynamic DNS (DDNS) service based on Cloudflare! Access your home network remotely via a custom do...

09 Nov 2020 1,355
dnsupdater

Automatically update your DNS record to match your current external IP address

13 Oct 2018 29
unifi-ddns

Cloudflare DDNS (Dynamic DNS) support for UniFi OS

02 Feb 2022 791
Node-Cloudflare-WAF-AbuseIPDB

A Node.js project that enables automatic reporting of incidents detected by Cloudflare WAF to the...

15 Aug 2024 2
DDNS-Cloudflare-Bash

Cloudflare DDNS bash Script for most Linux distributions and MacOS. Choose any source IP address ...

01 Oct 2020 257
cfddns-updater

CloudFlare DDNS Updater is a Python script that can keep your domains in sync with the dynamic IP...

14 Oct 2018 1
cloudflare-dynamic-best

Automatically select the best Cloudflare IP for your Cloudflare DNS record

02 Jul 2023 29
cf-nginx-iptables-automation

A small, but neat Bash script that retrieves the latest IPv4 and IPv6 ranges from CloudFlare and ...

30 Jan 2024 8