Simple CloudFlare Script for Linux security
<blockquote data-quote="Johno" data-source="post: 465954" data-attributes="member: 6980">
<p>I have seen more and more retros now using Linux for the operating system for their hotels but have had a lot of people asking about stopping direct access to their website if they display the IP address in their client browser.</p>
<p>I have decided to share this. This is V1 of a simple script I created that will only allow IP addresses from the CloudFlare network to connect to your ports 80 & 443.</p>
[CODE=bash]
#!/bin/bash
##########################################################################################################################
# Script to block incoming connection to port 80, 443 from all host and allow only from cloudflare IP (both ipv4 and ipv6)
# Created By : xHosts
##########################################################################################################################
# ----------------------------------
# Define variables
# ----------------------------------
RED='\033[0;41;30m'
GREEN='\033[0;42;30m'
STD='\033[0;0;39m'
YES=[Yy]*
NO=[Nn]*
ALL=[Aa]*
TEMP=/tmp
CURRENT_PATH=$(pwd)
TEMPFILE3=$(mktemp -p "${TEMP}")
TEMPFILE4=$(mktemp -p "${TEMP}")
#Cloudflare ip last updated on December 2020
CLOUDFLARE_IPV4_ARR=("173.245.48.0/20" "103.21.244.0/22" "103.22.200.0/22" "103.31.4.0/22" "141.101.64.0/18" "108.162.192.0/18" "190.93.240.0/20" "188.114.96.0/20" "197.234.240.0/22" "198.41.128.0/17" "162.158.0.0/15" "104.16.0.0/12" "172.64.0.0/13" "131.0.72.0/22")
CLOUDFLARE_IPV6_ARR=("2400:cb00::/32" "2606:4700::/32" "2803:f800::/32" "2405:b500::/32" "2405:8100::/32" "2a06:98c0::/29" "2c0f:f248::/32")
PORT_TO_BLOCK=("80" "443")
DEFAULT_INTERFACE=eth0 #Check Default Interface
IPV4_ENABLE=1
IPV6_ENABLE=1

# ----------------------------------
# User defined function
# (defined before first use; bash cannot call a function declared later in the file)
# ----------------------------------
pause(){
    #pause and wait for enter
    read -r -p "Press [Enter] key to continue..."
}

# ----------------------------------
# Check for needed tools
# ----------------------------------
#Check for iptables
OUTPUT=$(command -v iptables)
if [ -z "${OUTPUT}" ]
then
    echo -e "${RED}Error: iptables program needed but not exist, please install it.${STD}"
    exit 1
fi
#Check if ipv6 enabled on this system
if [ -f /proc/net/if_inet6 ]
then
    #IPv6 enabled, check for ip6tables if exist
    OUTPUT=$(command -v ip6tables)
    if [ -z "${OUTPUT}" ]
    then
        echo -e "${RED}Warning: ip6tables program not available. If you would like to block ipv6, please install it.${STD}"
        IPV6_ENABLE=0
        pause
    fi
else
    #IPv6 not enabled on this system, skip the ip6tables rules
    IPV6_ENABLE=0
fi
# ------------------------------------
# Check if user have root privilege
# ------------------------------------
if [ "$(id -u)" -ne 0 ]
then
    echo -e "${RED}Error: Please su to root first.${STD}"
    exit 1
fi
# ------------------------------------
# Check if interface exist
# ------------------------------------
INTERFACE=${DEFAULT_INTERFACE}
while true
do
    #Exact-name lookup; a substring grep would accept eth0 for eth01
    ip link show "${INTERFACE}" > /dev/null 2>&1
    RETURN=$?
    #0 = exist, non-zero = not exist
    if [ ${RETURN} -ne 0 ]
    then
        echo -e "${RED}Error: Interface ${INTERFACE} not found${STD} "
        read -r -p "Please input interface to block: " INTERFACE
        case "${INTERFACE}"
        in
            '')
                echo -e "${RED}Error: Interface can not be blank${STD} "
                INTERFACE=${DEFAULT_INTERFACE}
                ;;
            *)
                ;;
        esac
    else
        break
    fi
done
echo -e "${GREEN}Using interface ${INTERFACE}${STD}"
#Generate iptables for ipv4 script block all incoming interface to port as listed
if [ ${IPV4_ENABLE} -eq 1 ]
then
    for i in "${PORT_TO_BLOCK[@]}"
    do
        for j in "${CLOUDFLARE_IPV4_ARR[@]}"
        do
            echo "iptables -A INPUT -i ${INTERFACE} -s ${j} -p tcp --destination-port $i -j ACCEPT" >> "${TEMPFILE3}"
        done
    done
    for i in "${PORT_TO_BLOCK[@]}"
    do
        echo "iptables -A INPUT -i ${INTERFACE} -p tcp --destination-port $i -j DROP" >> "${TEMPFILE3}"
    done
    #cat ${TEMPFILE3}
    #Run iptables for ipv4 script
    bash "${TEMPFILE3}"
fi
#Generate iptables for ipv6 script block all incoming interface to port as listed
if [ ${IPV6_ENABLE} -eq 1 ]
then
    for i in "${PORT_TO_BLOCK[@]}"
    do
        for j in "${CLOUDFLARE_IPV6_ARR[@]}"
        do
            echo "ip6tables -A INPUT -i ${INTERFACE} -s ${j} -p tcp --destination-port $i -j ACCEPT" >> "${TEMPFILE4}"
        done
    done
    for i in "${PORT_TO_BLOCK[@]}"
    do
        echo "ip6tables -A INPUT -i ${INTERFACE} -p tcp --destination-port $i -j DROP" >> "${TEMPFILE4}"
    done
    #cat ${TEMPFILE4}
    #Run iptables for ipv6 script
    bash "${TEMPFILE4}"
fi
rm -f "${TEMPFILE3}" "${TEMPFILE4}"
echo -e "${GREEN}Done.${STD}"
[/CODE]
<p>You can either download the file directly or create, copy & paste and execute.</p>
<h2>Saving File</h2>
<p>wget <a href="https://github.com/666bj/Linux-CloudFlare/blob/main/cloudflare.sh" target="_blank">https://github.com/666bj/Linux-CloudFlare/blob/main/cloudflare.sh</a></p>
<p>chmod +x cloudflare.sh</p>
<p>bash cloudflare.sh</p>
<p>-- Job Done</p>
<h2>Create file</h2>
<p>Using an SSH text editor such as nano</p>
<p>nano cloudflare.sh</p>
<p>Copy and paste the content of</p>
<p><a href="https://github.com/666bj/Linux-CloudFlare/blob/main/cloudflare.sh" target="_blank">https://github.com/666bj/Linux-CloudFlare/blob/main/cloudflare.sh</a></p>
<p>Ctrl and X to save</p>
<p>chmod +x cloudflare.sh</p>
<p>bash cloudflare.sh</p>
<p>-- Job Done</p>
</blockquote>
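An added example, not part of Johno's post or the linked repository: the same allow-list built as an `iptables-restore` fragment in its own chain, so re-running replaces the rules instead of appending duplicates to INPUT, and a malformed or empty range list is rejected before any DROP rule is produced. The chain name `CF-WEB` and the file names in the comments are assumptions; the ranges are read from stdin so a current copy of Cloudflare's published list can be used instead of the December 2020 arrays.

```bash
#!/bin/bash
# Added example (not the thread author's code). CF_CHAIN is a hypothetical chain name.
CF_CHAIN="CF-WEB"

# valid_cidr 4|6 CIDR: succeed only for a well-formed prefix of that address family.
valid_cidr() {
    local family="$1" addr="${2%/*}" len="${2#*/}" old_ifs o
    case $2 in */*) ;; *) return 1 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    if [ "$family" = 4 ]; then
        [ "$len" -le 32 ] || return 1
        case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
        old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
        [ $# -eq 4 ] || return 1
        for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    else
        [ "$len" -le 128 ] || return 1
        case $addr in *[!0-9A-Fa-f:]*) return 1 ;; *:*) ;; *) return 1 ;; esac
    fi
}

# build_ruleset 4|6 < cidr-list: print an iptables-restore fragment for CF_CHAIN.
# Prints nothing and fails if an entry is malformed or the list is empty, so a
# failed download cannot install a chain that contains only DROP.
build_ruleset() {
    local family="$1" cidr rules="" count=0
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        case $cidr in ''|'#'*) continue ;; esac
        valid_cidr "$family" "$cidr" || { echo "bad entry: $cidr" >&2; return 1; }
        rules="${rules}-A ${CF_CHAIN} -s ${cidr} -j ACCEPT
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "empty allow-list" >&2; return 1; }
    printf '*filter\n:%s - [0:0]\n%s-A %s -j DROP\nCOMMIT\n' "$CF_CHAIN" "$rules" "$CF_CHAIN"
}

# Constructed sample input: two IPv4 ranges taken from the script in the post.
SAMPLE_V4='173.245.48.0/20
103.21.244.0/22'
printf '%s\n' "$SAMPLE_V4" | build_ruleset 4

# To apply as root (with --noflush, ":CF-WEB" empties and refills only that chain):
#   build_ruleset 4 < ips-v4.txt | iptables-restore --noflush
#   build_ruleset 6 < ips-v6.txt | ip6tables-restore --noflush
# One-time jump from INPUT, added only if it is not already there:
#   iptables -C INPUT -i eth0 -p tcp -m multiport --dports 80,443 -j CF-WEB 2>/dev/null ||
#     iptables -I INPUT -i eth0 -p tcp -m multiport --dports 80,443 -j CF-WEB
```

Because the jump is inserted at the top of INPUT, an older ACCEPT rule for port 80 or 443 further down the chain cannot let direct traffic through ahead of the allow-list.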