This commit refactors the Cloudflare UFW Updater script, which automa…

…tically

updates UFW (Uncomplicated Firewall) rules to allow incoming HTTP and HTTPS
traffic only from Cloudflare IP addresses.

The script includes the following features and enhancements:
- Fetches the latest Cloudflare IP addresses (IPv4 and IPv6) from the official Cloudflare API endpoints.
- Updates UFW rules to allow incoming traffic on specified ports (80 and 443) only from the fetched Cloudflare IP addresses.
- Supports customization through a configuration file or environment variables, allowing users to specify custom ports, rule labels, and log file paths.
- Implements logging functionality to track script execution and any errors encountered, with timestamps and log levels.
- Performs error handling and dependency checks to ensure smooth operation and provide informative error messages.
- Includes a backup and restore mechanism for UFW rules, allowing easy rollback to the previous state if needed.
- Follows the Google Shell Style Guide for consistent and maintainable code style, and passes ShellCheck for static analysis.
- Incorporates a MIT license header to clearly define the terms of use and distribution.
- Provides a comprehensive README.md file with installation instructions, usage guidelines, configuration options, and troubleshooting tips.
- Includes a Dockerfile for containerization and easy deployment of the script.
- Adds a dependabot configuration file to enable automatic dependency updates for GitHub Actions and Docker.
- Implements a GitHub Actions workflow for automated testing using BATS (Bash Automated Testing System) and running tests in a containerized environment.

This commit lays the foundation for a robust and maintainable solution to
manage UFW rules for Cloudflare IP addresses, promoting security and
automation.

.github/.dependabot.yml

@@ -1,9 +1,35 @@
 version: 2
 updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore:"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "docker"
+
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    commit-message:
+      prefix: "chore:"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "github-actions"
+
+  - package-ecosystem: "github-actions"
+    directory: "/.github/workflows"
+    schedule:
+      interval: "weekly"
     commit-message:
       prefix: "chore:"
       include: "scope"
+    labels:
+      - "dependencies"
+      - "github-actions"
+      - "workflows"

.github/workflows/test.yml

@@ -13,15 +13,19 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v3
 
-    - name: Set up BATS
-      run: |
-        git clone https://github.com/bats-core/bats-core.git
-        cd bats-core
-        sudo ./install.sh /usr/local
+      - name: Set up BATS
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y bats
 
-    - name: Run tests
-      run: |
-        bats test_cf_ufw.bats
+      - name: Set up test environment
+        run: |
+          sudo apt-get install -y ufw curl
+
+      - name: Run tests
+        run: |
+          cd tests
+          sudo bats cloudflare_ufw_updater.bats

.gitignore

@@ -5,6 +5,8 @@ __pycache__/
 
 # C extensions
 *.so
+.idea
+.vscode
 
 # Distribution / packaging
 .Python

Dockerfile

@@ -1,14 +1,17 @@
-# Use a lightweight base image with shell capabilities
-FROM alpine:latest
+FROM ubuntu:latest
 
-# Install curl and ufw (Uncomplicated Firewall)
-RUN apk add --no-cache curl ufw
+# Install dependencies
+RUN apt-get update && \
+    apt-get install -y ufw curl
 
-# Copy the script into the container
-COPY cf_ufw.sh /cf_ufw.sh
+# Create a directory for the script
+RUN mkdir /app
 
-# Set the script as executable
-RUN chmod +x /cf_ufw.sh
+# Copy the script to the container
+COPY cloudflare-ufw-updater.sh /app/
 
-# Set the entrypoint to run the script
-ENTRYPOINT ["/cf_ufw.sh"]
+# Make the script executable
+RUN chmod +x /app/cloudflare-ufw-updater.sh
+
+# Set the entrypoint to the script
+ENTRYPOINT ["/app/cloudflare-ufw-updater.sh"]

README.md

@@ -1,53 +1,105 @@
 # Cloudflare UFW Updater
 
-This repository contains a script `cf_ufw.sh` that automatically updates UFW rules to allow only HTTP and HTTPS traffic from Cloudflare IP addresses, ensuring a secure and up-to-date firewall.
+A Bash script to automatically update UFW (Uncomplicated Firewall) rules to allow incoming HTTP and HTTPS traffic only from Cloudflare IP addresses.
+
+## Features
+
+- Fetches the latest Cloudflare IP addresses (IPv4 and IPv6) from the official Cloudflare API.
+- Updates UFW rules to allow incoming traffic on specified ports only from Cloudflare IP addresses.
+- Supports customization through a configuration file or environment variables.
+- Provides logging functionality to track script execution and any errors encountered.
+- Includes error handling and dependency checks to ensure smooth operation.
+- Supports backup and restore of UFW rules for easy rollback if needed.
 
 ## Prerequisites
 
-- UFW (Uncomplicated Firewall) installed and enabled
-- `curl` command-line tool installed
+- UFW (Uncomplicated Firewall) installed and enabled on your system.
+- Bash shell environment.
+- `curl` command-line tool for fetching Cloudflare IP addresses.
 
 ## Installation
 
-1. Clone the repository:
-
-`git clone https://github.com/yourusername/cloudflare-ufw-updater.git`
+1. Clone the repository or download the script file:
 
-2. Change to the repository directory:
+   ```bash
+   git clone https://github.com/yourusername/cloudflare-ufw-updater.git
+   ```
 
-`cd cloudflare-ufw-updater`
+2. Make the script executable:
 
-3. Make the script executable:
+   ```bash
+   chmod +x cloudflare-ufw-updater.sh
+   ```
 
-`chmod +x cf_ufw.sh`
+3. (Optional) Create a configuration file at `/etc/cloudflare-ufw-updater.conf` to customize the script's behavior. See the "Configuration" section for more details.
 
 ## Usage
 
-You can run the script manually:
+Run the script with root privileges:
 
-`./cf_ufw.sh`
+```bash
+sudo ./cloudflare-ufw-updater.sh
+```
 
-To schedule the script to run automatically every day, follow these steps:
+The script will fetch the latest Cloudflare IP addresses, update the UFW rules, and reload UFW to apply the changes.
 
-1. Open the root user's crontab:
+## Configuration
 
-`sudo crontab -e`
+The script can be customized through a configuration file or environment variables.
 
-2. Add the following line to the end of the file, replacing `/path/to/script` with the actual path to the `cf_ufw.sh` script:
+### Configuration File
 
-`@daily /path/to/script/cf_ufw.sh &> /dev/null`
+Create a configuration file at `/etc/cloudflare-ufw-updater.conf` with the following variables:
 
-3. Save and exit the editor. The script will now run once a day, updating your UFW rules to the latest Cloudflare IP ranges.
+```bash
+# Cloudflare IP address URLs
+CLOUDFLARE_IPV4_URL="https://www.cloudflare.com/ips-v4"
+CLOUDFLARE_IPV6_URL="https://www.cloudflare.com/ips-v6"
 
-## Inspired by
-[https://github.com/Paul-Reed/cloudflare-ufw/blob/master/cloudflare-ufw.sh](https://github.com/Paul-Reed/cloudflare-ufw/blob/master/cloudflare-ufw.sh)
+# Allowed HTTP/HTTPS ports
+ALLOWED_HTTP_PORTS="80,443,8080"
 
-[https://github.com/jakejarvis/cloudflare-ufw-updater/](https://github.com/jakejarvis/cloudflare-ufw-updater/)
+# Cloudflare UFW rule label
+CLOUDFLARE_RULE_LABEL="Cloudflare"
 
-## Contributing
+# Log file path
+LOG_FILE="/var/log/cloudflare-ufw-updater.log"
+
+# Backup file path
+BACKUP_FILE="/etc/ufw/cloudflare-ufw-updater.backup"
+```
+
+Adjust the values according to your requirements.
+
+### Environment Variables
+
+You can also set configuration values using environment variables. The script will prioritize environment variables over the values in the configuration file.
+
+Example:
 
-If you'd like to contribute to this project, please submit a pull request with your changes or open an issue to discuss your ideas.
+```bash
+LOG_FILE="/path/to/custom/log.txt" ./cloudflare-ufw-updater.sh
+```
+
+## Logging
+
+The script logs its execution details and any errors encountered to the specified log file (default: `/var/log/cloudflare-ufw-updater.log`). You can customize the log file path in the configuration file or through the `LOG_FILE` environment variable.
+
+## Backup and Restore
+
+The script automatically creates a backup of the current UFW rules before making any changes. The backup file is stored at the path specified by the `BACKUP_FILE` variable (default: `/etc/ufw/cloudflare-ufw-updater.backup`).
+
+To restore the UFW rules from the backup file, run the script with the `--restore` flag:
+
+```bash
+sudo ./cloudflare-ufw-updater.sh --restore
+```
 
 ## License
 
-This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for more information.
+This script is released under the [MIT License](LICENSE).
+
+## Contributing
+
+Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request on the [GitHub repository](https://github.com/yourusername/cloudflare-ufw-updater).
+````

cloudflare-ufw-updater.conf

@@ -0,0 +1,20 @@
+# Cloudflare UFW Updater Configuration File
+
+# URLs to fetch the Cloudflare IP addresses
+CLOUDFLARE_IPV4_URL="https://www.cloudflare.com/ips-v4"
+CLOUDFLARE_IPV6_URL="https://www.cloudflare.com/ips-v6"
+
+# Ports to allow HTTP and HTTPS traffic
+ALLOWED_HTTP_PORTS="80,443"
+
+# Label used for UFW rules
+CLOUDFLARE_RULE_LABEL="Cloudflare"
+
+# Path to the log file
+LOG_FILE="/var/log/cloudflare-ufw-updater.log"
+
+# Path to the backup file for UFW rules
+BACKUP_FILE="/etc/ufw/cloudflare-ufw-updater.backup"
+
+# Optional: Define the minimum required version of UFW
+MIN_UFW_VERSION="0.36"