A low-cost idea for keeping a website from being attacked

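Sharing a shell script that, when run, updates the Cloudflare (CF) IP ranges in ufw's rules for port 443.
(The prerequisite, of course, is that your VPS can reach cloudflare.com.)
The script adds each rule with a 'Cloudflare IP' comment, and deletion is also conditioned on that comment, so it does not affect other rules you have set up yourself.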

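#!/usr/bin/env bash
# Download the Cloudflare ranges first and stop if that fails, so existing rules are kept.
CF_IPS=$(curl -fsS --fail-early -w '\n' https://www.cloudflare.com/ips-v{4,6}) || exit 1

# Delete rules tagged 'Cloudflare IP', highest number first so the numbering stays valid.
RULES=$(sudo ufw status numbered | grep 'Cloudflare IP' | awk -F"[][]" '{print $2}' | sort -nr)
for RULE in $RULES; do
    echo "Deleting rule $RULE"
    echo "y" | sudo ufw delete $RULE
done

# Allow each Cloudflare range to reach port 443, tagged with the same comment.
for cfip in $CF_IPS; do
    sudo ufw allow proto tcp from "$cfip" to any port 443 comment 'Cloudflare IP'
done

sudo ufw reload > /dev/null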
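
An added example, not part of the original post: a dry-run planner that checks the downloaded range list before any tagged rule would be deleted, and prints the ufw commands instead of running them. The sample ufw output, the sample ranges, the 'office' rule and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run planner. It prints ufw commands and executes none.

# Constructed sample of `ufw status numbered` output (not from a real host).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    173.245.48.0/20            # Cloudflare IP
[ 3] 8443/tcp                   ALLOW IN    203.0.113.7                # office
[ 4] 443/tcp                    ALLOW IN    2400:cb00::/32             # Cloudflare IP
[10] 443/tcp                    ALLOW IN    103.21.244.0/22            # Cloudflare IP'

# Constructed sample of a downloaded range list, including a blank separator line.
SAMPLE_RANGES='173.245.48.0/20
103.21.244.0/22

2400:cb00::/32'

# One IPv4 or IPv6 CIDR per line (shape check only, not full address validation).
CIDR_RE='^([0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}|[0-9A-Fa-f:]+/[0-9]{1,3})$'

# Rule numbers carrying the tag, highest first so deleting one does not renumber the rest.
tagged_rules() {
    printf '%s\n' "$1" | grep '# Cloudflare IP' | awk -F'[][]' '{print $2 + 0}' |
        sort -nr | tr '\n' ' ' | sed 's/ $//'
}

# Succeeds only if the list has at least one entry and every entry looks like a CIDR.
valid_cidr_list() {
    entries=$(printf '%s\n' "$1" | grep -v '^[[:space:]]*$' || true)
    [ -n "$entries" ] || return 1
    ! printf '%s\n' "$entries" | grep -Evq "$CIDR_RE"
}

# $1 = ufw status text, $2 = downloaded list. Prints the plan, or fails before any delete.
plan_update() {
    valid_cidr_list "$2" || { echo "refusing: range list failed validation" >&2; return 1; }
    for n in $(tagged_rules "$1"); do
        echo "ufw delete $n"
    done
    printf '%s\n' "$2" | grep -v '^[[:space:]]*$' | while read -r cidr; do
        echo "ufw allow proto tcp from $cidr to any port 443 comment 'Cloudflare IP'"
    done
}

plan_update "$SAMPLE_STATUS" "$SAMPLE_RANGES"
```

An empty download or an HTML error page makes `plan_update` return non-zero before it prints any delete, so the existing port 443 rules would stay in place.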