#!/bin/sh
# Allow all traffic from Cloudflare IPs (no ports restriction)
for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow proto tcp from $cfip comment 'Cloudflare IP'; done
ufw reload > /dev/null
# OTHER EXAMPLE RULES
# Restrict to port 80 (tcp)
#for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow proto tcp from $cfip to any port 80 comment 'Cloudflare IP'; done
# Restrict to port 443 (tcp & udp)
#for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow from $cfip to any port 443 comment 'Cloudflare IP'; done
# Restrict to ports 80 & 443 (tcp)
for cfip in `curl -sw '\n' https://www.cloudflare.com/ips-v{4,6}`; do ufw allow proto tcp from $cfip to any port 80,443 comment 'Cloudflare IP'; done
好帖帮顶
@acaiplus #10 ssh咋办
ufw allow 22
22为你的SSH端口。
脚本只放行CF的IP访问80和443。
用脚本更简单