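DDoS protection on Debian Linux with UFW rules

The site's domain is hosted on Cloudflare, and only Cloudflare nodes are allowed to reach the server.

The scripts below add the required firewall rules in one step with the UFW tool on Debian or Ubuntu:

Code: ufw_rules_add.sh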

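#!/bin/bash

# Download Cloudflare's published IPv4 ranges, keep a copy in ips-v4
# (used later by ufw_rules_delete.sh), and allow each range on the web ports.
for ipv4 in $(curl -s https://www.cloudflare.com/ips-v4 | tee ips-v4)
do
    sudo ufw allow from "$ipv4" to any port 80
    sudo ufw allow from "$ipv4" to any port 443
    sudo ufw allow from "$ipv4" to any port 8443
done

# Same for the IPv6 ranges; the copy is kept in ips-v6.
for ipv6 in $(curl -s https://www.cloudflare.com/ips-v6 | tee ips-v6)
do
    sudo ufw allow from "$ipv6" to any port 80
    sudo ufw allow from "$ipv6" to any port 443
done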

 

Code: ufw_rules_delete.sh

#!/bin/bash

# Remove the rules created by ufw_rules_add.sh, using the saved ips-v4 list.
for ipv4 in $(cat ips-v4)
do
    sudo ufw delete allow from "$ipv4" to any port 80
    sudo ufw delete allow from "$ipv4" to any port 443
    sudo ufw delete allow from "$ipv4" to any port 8443
done

# Same for the saved IPv6 list.
for ipv6 in $(cat ips-v6)
do
    sudo ufw delete allow from "$ipv6" to any port 80
    sudo ufw delete allow from "$ipv6" to any port 443
done
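
Added example, not part of the original post: a dry-run planner that compares a previously saved range list with a freshly downloaded one and prints only the ufw commands needed to bring the rules in line, refusing to act when the new list contains no valid range (for example after a failed download). The function names, the PORTS value and the sample lists are assumptions made for the example.

```bash
#!/bin/bash
# Added example: dry-run planner for syncing UFW with a refreshed Cloudflare
# range list. It prints ufw commands and never changes the firewall itself.
export LC_ALL=C          # identical collation for sort and comm
PORTS="80 443"           # assumption: ports that only Cloudflare may reach

# Keep lines that look like IPv4/IPv6 CIDR ranges; drop everything else,
# for example an HTML error page saved when the download failed.
valid_cidrs() {
    grep -E '^(([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])|[0-9A-Fa-f:]+:[0-9A-Fa-f:]*/[0-9]{1,3})$' \
        "$1" 2>/dev/null | sort -u
}

# emit VERB: read CIDRs on stdin, print one ufw command per CIDR and port.
emit() {
    while read -r cidr; do
        for port in $PORTS; do
            echo "ufw $1 from $cidr to any port $port"
        done
    done
}

# plan_rules OLD_LIST NEW_LIST (runs in a subshell, so variables stay local)
# Prints "ufw delete allow" for ranges no longer published and "ufw allow"
# for new ones. Returns 1 with no output when NEW_LIST holds no valid range,
# so a failed download is never turned into "delete every rule".
plan_rules() (
    tmp=$(mktemp -d) || exit 1
    valid_cidrs "$1" > "$tmp/old"
    valid_cidrs "$2" > "$tmp/new"
    if [ ! -s "$tmp/new" ]; then
        echo "refusing to plan: no valid CIDR in $2" >&2
        rm -rf "$tmp"
        exit 1
    fi
    comm -23 "$tmp/old" "$tmp/new" | emit "delete allow"
    comm -13 "$tmp/old" "$tmp/new" | emit "allow"
    rm -rf "$tmp"
)

# Constructed sample lists (documentation ranges, not real Cloudflare data).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 192.0.2.0/24 198.51.100.0/24 > "$d/old"
    printf '%s\n' 198.51.100.0/24 2001:db8::/32 '<html>error</html>' > "$d/new"
    plan_rules "$d/old" "$d/new"
    rm -rf "$d"
}
demo
```

The ips-v4 and ips-v6 files saved by ufw_rules_add.sh can serve as OLD_LIST, with a new download saved under a different name as NEW_LIST.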

 

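Some commonly used UFW commands

# Show the firewall status

ufw status

# List the current firewall rules with their index numbers

ufw status numbered

# Delete the rule with the given index number from "ufw status numbered"

ufw delete [NUM]
For example: ufw delete 1

# Show the last 10 lines of the UFW log file and keep following new entries
tail -f /var/log/ufw.log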

Copyright notice:
Author: admin
Link: https://luhaoyu.com/index.php/2022/04/13/%e8%ae%be%e7%bd%aeufw%e9%98%b2%e7%81%ab%e5%a2%99%e8%a7%84%e5%88%99%e5%a2%9e%e5%bc%baddos%e9%98%b2%e6%8a%a4/
Source: 悄悄拔尖
Copyright of this article belongs to the author. Do not repost without permission.
