Allow Cloudflare's public IPv4 on Google VPC Firewall
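#!/bin/bash
# Sync a Google VPC firewall rule with Cloudflare's published IPv4 ranges.
#
# Fetches https://www.cloudflare.com/ips-v4, then creates or updates the
# ingress rule "allow-cloudflare-ipv4" (tcp:443) so that its source ranges
# match the fetched list.
#
# Security notes:
#   - The fetched list becomes a firewall allowlist, so every entry is checked
#     to look like an IPv4 CIDR before use; an HTTP error page or an
#     unexpected body aborts the run instead of reaching gcloud.
#   - `create` is called without --network or --target-tags, so the rule lands
#     on the default network and applies to every instance on it. Scope it if
#     only some hosts sit behind Cloudflare.
#   - Allowing Cloudflare's ranges admits traffic proxied for any Cloudflare
#     customer, not only your own zone; keep origin-side authentication.
set -euo pipefail

readonly PROJECT='[project name here]' # replace with your GCP project ID
readonly RULE_NAME='allow-cloudflare-ipv4'
# Shape check only (digits/dots/prefix length); gcloud does the strict parse.
readonly CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'

if [[ "$PROJECT" == '[project name here]' ]]; then
  echo "Set PROJECT to your GCP project ID before running" >&2
  exit 1
fi

echo "Fetching cloudflare IPs"
# -f makes curl fail on HTTP errors rather than handing back an error page
# that would otherwise be treated as the IP list.
if ! IPS4=$(curl -fsS --max-time 30 https://www.cloudflare.com/ips-v4); then
  echo "Failed" >&2
  exit 1
fi
# IPS6=$(curl -s https://www.cloudflare.com/ips-v6) # IPv6 is not supported by Google yet

# Validate line by line and collect into an array, so nothing that is not a
# CIDR can end up in --source-ranges.
ranges=()
while IFS= read -r entry || [[ -n "$entry" ]]; do
  entry=${entry//[[:space:]]/} # drop stray spaces and carriage returns
  [[ -n "$entry" ]] || continue
  if [[ ! "$entry" =~ $CIDR_RE ]]; then
    printf 'Unexpected entry in Cloudflare IP list: %q\n' "$entry" >&2
    echo "Failed" >&2
    exit 1
  fi
  ranges+=("$entry")
done <<<"$IPS4"

if ((${#ranges[@]} == 0)); then
  echo "Failed" >&2
  exit 1
fi

# Join with commas in a subshell so the IFS change does not leak.
LIST=$(
  IFS=,
  printf '%s' "${ranges[*]}"
)
echo "Got it!"
echo "$LIST"

# Build the command as an array: a plain string would be word-split, which
# breaks on a project value containing spaces or glob characters.
gcloud_fw=(gcloud compute "--project=${PROJECT}" firewall-rules)

# Look the rule up by its exact name. A substring filter on "cloudflare" can
# match an unrelated rule and wrongly select the update path.
if "${gcloud_fw[@]}" describe "$RULE_NAME" --format='value(name)' >/dev/null 2>&1; then
  echo "Rules found..."
  # Run gcloud directly; wrapping it in $( ) would execute its stdout as a command.
  "${gcloud_fw[@]}" update "$RULE_NAME" "--source-ranges=${LIST}"
else # Otherwise create new
  echo "No such rule found..."
  "${gcloud_fw[@]}" create "$RULE_NAME" --allow=tcp:443 "--source-ranges=${LIST}"
fi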