offensive-hub / digitalocean-firewall

A little script to update Digital Ocean firewalls with official CloudFlare IPs

Update DigitalOcean Firewalls with CloudFlare IPs

A little script to update DigitalOcean firewalls with official CloudFlare IPs.

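This is useful to protect your backends against direct DoS and DDoS attacks on ports 80 and 443: once only CloudFlare's ranges are allowed, traffic that bypasses CloudFlare never reaches the origin.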

Warning

All Inbound Rules with type = HTTP or type = HTTPS of each Firewall will be overwritten.

How to install

  1. git clone https://github.com/offensive-hub/digitalocean-firewall.git
  2. cd digitalocean-firewall
  3. sudo apt-get install python-pip && sudo pip install -U -r requirements.txt
  4. cp .env.example .env && chmod 600 .env
  5. Write your DigitalOcean access token in the .env file

Example

  1. Create an Inbound Rule with type=HTTP or type=HTTPS.
  2. Execute ./update-firewalls.py
  3. Now you have two new Inbound Rules containing the official CloudFlare IPs.
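
The overwrite described in the Warning, sketched as an added example (this is not the code of update-firewalls.py). It assumes inbound rules shaped like the DigitalOcean firewall API's `protocol` / `ports` / `sources.addresses` fields; the function names and sample data are hypothetical, and the ranges are documentation ranges rather than CloudFlare's. The range list is validated first, so an empty, malformed or catch-all list never replaces working rules.

```python
import ipaddress

WEB_PORTS = {"80", "443"}  # the page's type=HTTP and type=HTTPS rules


def validate_ranges(lines):
    """Parse a fetched range list and reject input that must not reach the firewall."""
    nets = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        net = ipaddress.ip_network(line)  # ValueError on malformed entries
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0 would expose the origin to everyone again
            raise ValueError("refusing catch-all range: %s" % line)
        nets.append(str(net))
    if not nets:
        raise ValueError("empty range list; keeping existing rules")
    return sorted(set(nets))


def rebuild_inbound(inbound_rules, cloudflare_ranges):
    """Return a new rule list: TCP 80/443 sources overwritten, other rules untouched."""
    sources = validate_ranges(cloudflare_ranges)
    rebuilt = []
    for rule in inbound_rules:
        if rule["protocol"] == "tcp" and rule["ports"] in WEB_PORTS:
            # Copy the rule so the caller's data is not mutated.
            rule = dict(rule, sources={"addresses": sources})
        rebuilt.append(rule)
    return rebuilt


# Constructed sample data (documentation ranges, not real CloudFlare ranges).
SAMPLE_RANGES = ["203.0.113.0/24", "198.51.100.0/24", "2001:db8::/32", ""]
SAMPLE_INBOUND = [
    {"protocol": "tcp", "ports": "22", "sources": {"addresses": ["192.0.2.10/32"]}},
    {"protocol": "tcp", "ports": "80", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
]

if __name__ == "__main__":
    for rule in rebuild_inbound(SAMPLE_INBOUND, SAMPLE_RANGES):
        print(rule)
```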

Make cron

It is useful to set up a cron job that updates the firewalls at a regular interval.

If you want that, follow these instructions:

  1. crontab -e
  2. Paste the following code at the end of the file:
    # [00:00] Update DigitalOcean Firewalls with CloudFlare IPs
    0 0 * * * /path/to/digitalocean-firewall/update-firewalls.py
    
  3. Replace /path/to/ with your real path
  4. Now your server will automatically update DigitalOcean Firewalls every day at midnight! :)
