We use cookies to ensure you get the best experience on our website
Home Explore Help
Sign In
mirror
/
bash-linux-utils
mirror of https://github.com/vladimirok5959/bash-linux-utils.git
2
0
Fork 0
Files Wiki
Branch: master
Branches Tags
bash-linux-util...
/
iptables-http-cloudflare

iptables-http-cloudflare 861 B
Permalink History Raw

1234567891011121314151617181920212223242526272829303132 
  1. #!/bin/bash
    2. 

  2. 

  3. # Check for root user
    4. 

  4. CURR_USER=`/usr/bin/whoami`
    5. 

  5. if [ "$CURR_USER" != "root" ]; then
    6. 

  6. 	echo "I need root rights... Please login from root"
    7. 

  7. 	exit
    8. 

  8. fi
    9. 

  9. 

  10. # Clear rules
    11. 

  11. /usr/local/bin/iptables-http-clear
    12. 

  12. 

  13. # Download IP list to temp file
    14. 

  14. /usr/bin/wget "https://www.cloudflare.com/ips-v4" -O /tmp/ipslist.txt
    15. 

  15. 

  16. # Deny all requests to port 80 from all
    17. 

  17. /sbin/iptables -I INPUT -p tcp -s 0.0.0.0/0 --dport 80 -j REJECT --reject-with tcp-reset
    18. 

  18. 

  19. # Allow requests from www.cloudflare.com
    20. 

  20. while read ip; do
    21. 

  21. 	if [ "$ip" != "" ]; then
    22. 

  22. 		/sbin/iptables -I INPUT -p tcp -s $ip --dport 80 -j ACCEPT
    23. 

  23. 	fi
    24. 

  24. done < /tmp/ipslist.txt
    25. 

  25. 

  26. # Allow from our servers
    27. 

  27. # /sbin/iptables -I INPUT -p tcp -s 127.0.0.1 --dport 80 -j ACCEPT
    28. 

  28. # /sbin/iptables -I INPUT -p tcp -s 127.0.0.2 --dport 80 -j ACCEPT
    29. 

  29. # Where "127.0.0.1" is our server IP
    30. 

  30. 

  31. # Remove temp file
    32. 

  32. /bin/rm /tmp/ipslist.txt
    33.