GadElKareem

Allow Cloudflare IPs on port 80 and 443 using UFW

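#!/usr/bin/env bash
#
# Allow inbound HTTP/HTTPS (tcp/80,443) from Cloudflare's published IP ranges
# using UFW. Must run as root, because it changes firewall rules.
#
# Caveats for operators:
#   * Rules are only ever added. A range that Cloudflare retires stays
#     allowed until it is removed by hand (review `ufw status numbered`).
#   * These allow rules restrict access to Cloudflare only if UFW's default
#     incoming policy is deny and no broader rule opens 80/443 to anyone.
#   * The downloaded lists are the sole input to the firewall rules, so every
#     entry is shape-checked before any rule is added.

set -euo pipefail

# --- single-instance lock ----------------------------------------------------
# The lock file lives in /run (writable by root only) instead of /tmp: this
# script runs as root, and a predictable name in a world-writable directory
# lets any local user pre-create the file (or a symlink) to block the update
# or to have root open and truncate a file of their choosing.
PIDFILE="/run/$(basename "${BASH_SOURCE[0]%.*}.pid")"
# Open in append mode so a second instance does not wipe the PID recorded by
# the instance that currently holds the lock.
exec 200>>"${PIDFILE}"
if ! flock -n 200; then
  echo "${BASH_SOURCE[0]} script is already running. Aborting . ." >&2
  exit 1
fi
PID=$$
: >"${PIDFILE}"
echo "${PID}" 1>&200

# --- work from the script's own directory ------------------------------------
cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
CUR_DIR="$(pwd)"

# --- fetch the published ranges ----------------------------------------------
# wget verifies the TLS certificate by default and exits non-zero on HTTP
# errors, so `set -e` aborts before any stale or partial list is applied.
wget https://www.cloudflare.com/ips-v4 -O ips-v4
wget https://www.cloudflare.com/ips-v6 -O ips-v6

# Loose CIDR shape checks; ufw still does the authoritative address parsing.
# A /0 prefix is rejected outright because it would open the ports to everyone.
readonly V4_CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
readonly V6_CIDR_RE='^[0-9A-Fa-f:]+/([1-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'

#######################################
# Validate every entry of a downloaded list, then add one UFW allow rule per
# entry for tcp/80,443.
# Arguments: $1 - path to the list file (whitespace-separated CIDR ranges)
#            $2 - extended regex every entry must match
# Outputs:   ufw output on stdout, diagnostics on stderr
# Returns:   exits 1 if the list is empty or any entry fails the shape check
#######################################
allow_ranges() {
  local list_file=$1
  local cidr_re=$2
  local -a entries=()
  local entry

  # `read -a` splits on whitespace like the original word-splitting loop did,
  # but without glob expansion, so a stray `*` in the file cannot expand to
  # file names. read returns non-zero at EOF, hence the `|| true`.
  IFS=$' \t\r\n' read -r -d '' -a entries <"${list_file}" || true

  if (( ${#entries[@]} == 0 )); then
    echo "${list_file}: no IP ranges found. Aborting . ." >&2
    exit 1
  fi

  # Validate the whole list before touching the firewall so a malformed
  # download never results in a half-applied rule set.
  for entry in "${entries[@]}"; do
    if [[ ! "${entry}" =~ ${cidr_re} ]]; then
      printf '%s: unexpected entry %q. Aborting . .\n' "${list_file}" "${entry}" >&2
      exit 1
    fi
  done

  for entry in "${entries[@]}"; do
    /usr/sbin/ufw allow from "${entry}" to any port 80,443 proto tcp comment "cloudflare"
  done
}

allow_ranges ips-v4 "${V4_CIDR_RE}"
allow_ranges ips-v6 "${V6_CIDR_RE}"

/usr/sbin/ufw reload > /dev/null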