Skip to content

Commit 1ce8327

Browse files
StrangeRangerStrangeRanger
committed
Specify script is in beta
1 parent 40f03a3 commit 1ce8327

1 file changed

Lines changed: 16 additions & 19 deletions

File tree

hardening/UFW Cloudflare/ufw-cloudflare.bash

Lines changed: 16 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,10 @@
11
#!/bin/bash
22
#
3+
# Sets up UFW to only allow HTTP and HTTPS traffic from Cloudflare's IP ranges.
34
#
5+
# Version: v1.0.0-beta.1
6+
# License: MIT License
7+
# Copyright (c) 2024 Hunter T. (StrangeRanger)
48
#
59
########################################################################################
610
####[ Global Variables ]################################################################
@@ -20,16 +24,15 @@ stage=0
2024

2125

2226
####
23-
# Description:
24-
# Check if a UFW rule exists for a specific IP address and port.
27+
# Check if a UFW rule exists for a specific IP address and port.
2528
#
26-
# Arguments:
29+
# PARAMETERS:
2730
# - $1: ip (Required)
2831
# - The IP address to check.
2932
# - $2: port (Required)
3033
# - The port to check.
3134
#
32-
# Return:
35+
# RETURN:
3336
# - 0: The rule exists.
3437
# - ?: The rule does not exist.
3538
ufw_rule_exists() {
@@ -40,11 +43,10 @@ ufw_rule_exists() {
4043
}
4144

4245
####
43-
# Description:
44-
# Retrieves the rule number of all Cloudflare IP rules currently set in UFW, then
45-
# stores them in an array.
46+
# Retrieves the rule number of all Cloudflare IP rules currently set in UFW, then
47+
# stores them in an array.
4648
#
47-
# Arguments:
49+
# PARAMETERS:
4850
# - $1: string_to_grep (Required)
4951
# - The string to grep for in the UFW status output.
5052
# - Acceptable values:
@@ -69,9 +71,8 @@ get_set_cloudflare_rule_numbers() {
6971
}
7072

7173
####
72-
# Description:
73-
# Retrieves the IP addresses of all Cloudflare IP rules currently set in UFW, then
74-
# stores them in an array.
74+
# Retrieves the IP addresses of all Cloudflare IP rules currently set in UFW, then
75+
# stores them in an array.
7576
get_set_cloudflare_ip_ranges() {
7677
while IFS= read -r line; do
7778
ip=$(echo "$line" | awk '{print $3}') # Extract the IP address.
@@ -80,8 +81,7 @@ get_set_cloudflare_ip_ranges() {
8081
}
8182

8283
####
83-
# Description:
84-
# Set the new Cloudflare IP ranges in UFW, retrieved from the Cloudflare website.
84+
# Set the new Cloudflare IP ranges in UFW, retrieved from the Cloudflare website.
8585
set_new_cloudflare_ip_ranges() {
8686
for ip in "${new_cloudflare_ip_ranges[@]}"; do
8787
ufw_rule_exists "$ip" "80,443" \
@@ -90,8 +90,7 @@ set_new_cloudflare_ip_ranges() {
9090
}
9191

9292
####
93-
# Description:
94-
# Restores the previous (non-new) Cloudflare IP ranges in UFW.
93+
# Restores the previous (non-new) Cloudflare IP ranges in UFW.
9594
restore_current_cloudflare_ip_ranges() {
9695
for ip in "${current_cloudflare_ip_ranges[@]}"; do
9796
ufw_rule_exists "$ip" "80,443" \
@@ -100,8 +99,7 @@ restore_current_cloudflare_ip_ranges() {
10099
}
101100

102101
####
103-
# Description:
104-
# Deletes all Cloudflare IP rules currently set in UFW.
102+
# Deletes all Cloudflare IP rules currently set in UFW.
105103
delete_set_cloudflare_rules() {
106104
get_set_cloudflare_rule_numbers "0"
107105

@@ -112,8 +110,7 @@ delete_set_cloudflare_rules() {
112110
}
113111

114112
####
115-
# Description:
116-
# Cleanup function to close ports 80 and 443 from any IP address.
113+
# Cleanup function to close ports 80 and 443 from any IP address.
117114
cleanup() {
118115
case $stage in
119116
2)

0 commit comments

Comments
 (0)