Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add cloudflare.conf include file support
and tools/csfcf.sh script to update cloudflare.conf include file https://community.centminmod.com/posts/26591/ using command manually or setup a cronjob [CODE] /usr/local/src/centminmod/tools/csfcf.sh auto [/CODE]
- Loading branch information
1 parent
cd8349c
commit 364f835
Showing
7 changed files
with
233 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
set_real_ip_from 103.21.244.0/22; | ||
set_real_ip_from 103.22.200.0/22; | ||
set_real_ip_from 103.31.4.0/22; | ||
set_real_ip_from 104.16.0.0/12; | ||
set_real_ip_from 108.162.192.0/18; | ||
set_real_ip_from 131.0.72.0/22; | ||
set_real_ip_from 141.101.64.0/18; | ||
set_real_ip_from 162.158.0.0/15; | ||
set_real_ip_from 172.64.0.0/13; | ||
set_real_ip_from 173.245.48.0/20; | ||
set_real_ip_from 188.114.96.0/20; | ||
set_real_ip_from 190.93.240.0/20; | ||
set_real_ip_from 197.234.240.0/22; | ||
set_real_ip_from 198.41.128.0/17; | ||
set_real_ip_from 199.27.128.0/21; | ||
#set_real_ip_from 2400:cb00::/32; | ||
#set_real_ip_from 2405:8100::/32; | ||
#set_real_ip_from 2405:b500::/32; | ||
#set_real_ip_from 2606:4700::/32; | ||
#set_real_ip_from 2803:f800::/32; | ||
real_ip_header CF-Connecting-IP; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,173 @@ | ||
#!/bin/bash | ||
############################### | ||
# written by George Liu (eva2000) | ||
# centminmod.com | ||
############################### | ||
CFIPLOG='/root/cfips.txt' | ||
CFIP6LOG='/root/cfips6.txt' | ||
CFIPNGINXLOG='/root/cfnginxlog.log' | ||
CFIPCSFLOG='/root/csf_log.log' | ||
CFINCLUDEFILE='/usr/local/nginx/conf/cloudflare.conf' | ||
############################### | ||
if [[ ! -f /usr/bin/curl ]]; then | ||
echo "Installing curl please wait..." | ||
yum -y -q install curl | ||
fi | ||
############################### | ||
ipv4get() { | ||
/usr/bin/curl -s https://www.cloudflare.com/ips-v4 > $CFIPLOG | ||
|
||
CFIPS=$(cat $CFIPLOG) | ||
|
||
echo "--------------------------------------------" | ||
echo " Downloading Cloudflare IP list" | ||
echo " from: https://www.cloudflare.com/ips-v4" | ||
echo "--------------------------------------------" | ||
echo "" | ||
echo "--------------------------------------------" | ||
echo " Format for Centminmod.com Nginx Installer" | ||
echo " 1). add to nginx.conf" | ||
echo " 2). add to /etc/csf/csf.allow" | ||
echo "--------------------------------------------" | ||
|
||
for ip in $CFIPS; | ||
do | ||
echo "set_real_ip_from $ip;" >> $CFIPNGINXLOG | ||
echo "csf -a $ip cloudflare" >> $CFIPCSFLOG | ||
done | ||
echo "real_ip_header CF-Connecting-IP;" >> $CFIPNGINXLOG | ||
|
||
echo "--------------------------------------------" | ||
echo " 1). add to nginx.conf" | ||
echo "--------------------------------------------" | ||
cat $CFIPNGINXLOG | ||
|
||
echo "" | ||
|
||
echo "--------------------------------------------" | ||
echo " 2). add to /etc/csf/csf.allow" | ||
echo "--------------------------------------------" | ||
cat $CFIPCSFLOG | ||
|
||
rm -rf $CFIPLOG | ||
rm -rf $CFIPNGINXLOG | ||
rm -rf $CFIPCSFLOG | ||
|
||
echo "--------------------------------------------" | ||
} | ||
|
||
############################### | ||
ipv6get() { | ||
/usr/bin/curl -s https://www.cloudflare.com/ips-v6 > $CFIP6LOG | ||
|
||
CFIPS=$(cat $CFIP6LOG) | ||
|
||
echo "--------------------------------------------" | ||
echo " Downloading Cloudflare IP list" | ||
echo " from: https://www.cloudflare.com/ips-v6" | ||
echo "--------------------------------------------" | ||
echo "" | ||
echo "--------------------------------------------" | ||
echo " Format for Centminmod.com Nginx Installer" | ||
echo " 1). add to nginx.conf" | ||
echo " 2). add to /etc/csf/csf.allow" | ||
echo "--------------------------------------------" | ||
|
||
for ip in $CFIPS; | ||
do | ||
echo "set_real_ip_from $ip;" >> $CFIPNGINXLOG | ||
echo "csf -a $ip cloudflare" >> $CFIPCSFLOG | ||
done | ||
echo "real_ip_header CF-Connecting-IP;" >> $CFIPNGINXLOG | ||
|
||
echo "--------------------------------------------" | ||
echo " 1). add to nginx.conf" | ||
echo "--------------------------------------------" | ||
cat $CFIPNGINXLOG | ||
|
||
echo "" | ||
|
||
echo "--------------------------------------------" | ||
echo " 2). add to /etc/csf/csf.allow" | ||
echo "--------------------------------------------" | ||
cat $CFIPCSFLOG | ||
|
||
rm -rf $CFIPLOG | ||
rm -rf $CFIPNGINXLOG | ||
rm -rf $CFIPCSFLOG | ||
|
||
echo "--------------------------------------------" | ||
} | ||
|
||
############################### | ||
csfadd() { | ||
/usr/bin/curl -s https://www.cloudflare.com/ips-v4 > $CFIPLOG | ||
/usr/bin/curl -s https://www.cloudflare.com/ips-v6 > $CFIP6LOG | ||
|
||
CFIPS=$(cat $CFIPLOG) | ||
CFIP6S=$(cat $CFIP6LOG) | ||
|
||
echo "--------------------------------------------" | ||
echo " Add Cloudflare IP list to CSF" | ||
echo " from: https://www.cloudflare.com/ips-v4" | ||
echo " from: https://www.cloudflare.com/ips-v6" | ||
echo "--------------------------------------------" | ||
echo "" | ||
|
||
|
||
echo "--------------------------------------------" | ||
echo " Add to /etc/csf/csf.allow" | ||
echo "--------------------------------------------" | ||
|
||
for ip in $CFIPS; | ||
do | ||
csf -a $ip cloudflare | ||
done | ||
|
||
for ip in $CFIP6S; | ||
do | ||
csf -a $ip cloudflare | ||
done | ||
} | ||
|
||
############################### | ||
nginxsetup() { | ||
echo | ||
# echo "create $CFINCLUDEFILE include file" | ||
echo > $CFINCLUDEFILE | ||
cflista=$(/usr/bin/curl -s https://www.cloudflare.com/ips-v4) | ||
cflistb=$(/usr/bin/curl -s https://www.cloudflare.com/ips-v6) | ||
for i in $cflista; do | ||
echo "set_real_ip_from $i;" >> $CFINCLUDEFILE | ||
done | ||
for i in $cflistb; do | ||
echo "#set_real_ip_from $i;" >> $CFINCLUDEFILE | ||
done | ||
echo "real_ip_header CF-Connecting-IP;" >> $CFINCLUDEFILE | ||
service nginx reload >/dev/null 2>&1 | ||
echo "created $CFINCLUDEFILE include file" | ||
} | ||
|
||
############################### | ||
case "$1" in | ||
ipv4) | ||
ipv4get | ||
;; | ||
ipv6) | ||
ipv6get | ||
;; | ||
csf) | ||
csfadd | ||
;; | ||
nginx) | ||
nginxsetup | ||
;; | ||
auto) | ||
csfadd | ||
nginxsetup | ||
;; | ||
*) | ||
echo "$0 {ipv4|ipv6|csf|nginx|auto}" | ||
;; | ||
esac | ||
exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters