{"id":17744087,"url":"https://github.com/thomasvincent/cloudflare-ufw-sync","last_synced_at":"2026-01-31T20:01:16.302Z","repository":{"id":317981826,"uuid":"940257523","full_name":"thomasvincent/cloudflare-ufw-sync","owner":"thomasvincent","description":"Automated synchronization of Cloudflare IP ranges with UFW firewall rules. Enterprise-grade security tool for Linux servers using Cloudflare CDN/WAF","archived":false,"fork":false,"pushed_at":"2026-01-02T09:19:02.000Z","size":198,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-08T08:16:17.460Z","etag":null,"topics":["automation","cloudflare","cloudflare-api","debian","devops","firewall","firewall-rules","infrastructure","linux","network-security","networking","python","security","sync","system-administration","ubuntu","ufw"],"latest_commit_sha":null,"homepage":"https://github.com/thomasvincent/cloudflare-ufw-sync","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thomasvincent.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-27T21:44:33.000Z","updated_at":"2026-01-02T09:19:04.000Z","dependencies_parsed_at":"2026-01-02T19:06:35.640Z","dependency_job_id":null,"html_url":"https://github.com/thomasvincent/cloudflare-ufw-sync","commit_stats":null,"previous_names":["thomasvincent/cloudflare-ufw-sync"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/thomasvincent/cloudflare-ufw-sync","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasvincent%2Fcloudflare-ufw-sync","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasvincent%2Fcloudflare-ufw-sync/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasvincent%2Fcloudflare-ufw-sync/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasvincent%2Fcloudflare-ufw-sync/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thomasvincent","download_url":"https://codeload.github.com/thomasvincent/cloudflare-ufw-sync/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomasvincent%2Fcloudflare-ufw-sync/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28952578,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T18:30:42.805Z","status":"ssl_error","status_checked_at":"2026-01-31T18:30:19.593Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","cloudflare","cloudflare-api","debian","devops","firewall","firewall-rules","infrastructure","linux","network-security","networking","python","security","sync","system-administration","ubuntu","ufw"],"created_at":"2024-10-26T06:41:55.544Z","updated_at":"2026-01-31T20:01:16.297Z","avatar_url":"https://github.com/thomasvincent.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cloudflare UFW Sync\n\n[![Python](https://img.shields.io/badge/Python-3.8%2B-blue)](https://www.python.org/downloads/)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n[![Tests](https://github.com/thomasvincent/cloudflare-ufw-sync/actions/workflows/tests.yml/badge.svg)](https://github.com/thomasvincent/cloudflare-ufw-sync/actions/workflows/tests.yml)\n[![PyPI](https://img.shields.io/pypi/v/cloudflare-ufw-sync)](https://pypi.org/project/cloudflare-ufw-sync/)\n\nEnterprise-grade Cloudflare IP synchronization for UFW.\n\n## Overview\n\n`cloudflare-ufw-sync` is a robust tool designed to automatically synchronize Cloudflare's IP ranges with your UFW (Uncomplicated Firewall) rules. This ensures that only traffic coming from Cloudflare's network is allowed to access your web server.\n\n## Architecture\n\n![Architecture Diagram](architecture.png)\n\n## Features\n\n- 🔄 Automatic synchronization of Cloudflare IP ranges with UFW rules\n- 🔒 Securely manages UFW rules with proper permission handling\n- 🛠️ Supports both IPv4 and IPv6 address ranges\n- 🔍 Detailed logging for audit and troubleshooting\n- 🔧 Customizable configuration\n- 🧪 Comprehensive test suite\n\n## Installation\n\n### From PyPI\n\n```bash\npip install cloudflare-ufw-sync\n```\n\n### From Source\n\n```bash\ngit clone https://github.com/thomasvincent/cloudflare-ufw-sync.git\ncd cloudflare-ufw-sync\npip install .\n```\n\n## Configuration\n\nCreate a configuration file at `/etc/cloudflare-ufw-sync/config.yml` or `~/.config/cloudflare-ufw-sync/config.yml`:\n\n```yaml\ncloudflare:\n  api_key: your-api-key  # Optional: Only needed if using authenticated endpoints\n  ip_types:\n    - v4  # IPv4 addresses\n    - v6  # IPv6 addresses\n\nufw:\n  default_policy: deny\n  port: 443  # The port to allow access to\n  proto: tcp  # Protocol (tcp, udp, or both)\n  comment: \"Cloudflare IP\"  # Comment for UFW rules\n\nsync:\n  interval: 86400  # Sync interval in seconds (default: 1 day)\n  enabled: true\n```\n\n## Usage\n\n### Command Line\n\n```bash\n# Run a sync operation\ncloudflare-ufw-sync sync\n\n# Run in daemon mode\ncloudflare-ufw-sync daemon\n\n# View current status\ncloudflare-ufw-sync status\n```\n\n### As a Service\n\nA systemd service file is provided to run the synchronization as a service:\n\n```bash\nsudo cp scripts/cloudflare-ufw-sync.service /etc/systemd/system/\nsudo systemctl daemon-reload\nsudo systemctl enable cloudflare-ufw-sync\nsudo systemctl start cloudflare-ufw-sync\n```\n\n## Development\n\n### Testing with Docker\n\nIf you prefer an isolated environment, you can build and run the test suite entirely in Docker.\n\n```bash\n# Build the dev image (includes dev dependencies and package in editable mode)\ndocker build -t cloudflare-ufw-sync:dev .\n\n# Run tests with pytest (quiet mode, stop on first failure)\ndocker run --rm -t --entrypoint pytest cloudflare-ufw-sync:dev -q --maxfail=1 --disable-warnings\n```\n\nThis is the exact setup used in CI and by maintainers when sanity-checking changes locally.\n\n### Make targets\n\nFor convenience, a few make targets mirror the Docker workflow:\n\n```bash\n# Build the dev image\nmake docker-build\n\n# Run the test suite inside the container\nmake docker-test\n\n# Run tox (lint + mypy per tox.ini) inside the container\nmake docker-tox\n```\n\n### Setup\n\n```bash\n# Clone the repository\ngit clone https://github.com/thomasvincent/cloudflare-ufw-sync.git\ncd cloudflare-ufw-sync\n\n# Set up a virtual environment\npython -m venv venv\nsource venv/bin/activate\n\n# Install dev dependencies\npip install -e \".[dev]\"\n```\n\n### Testing and Linting with Tox\n\nThe project includes a `tox.ini` file that sets up environments for testing, linting, and type checking. This allows you to run the same checks locally that are performed in the CI pipeline before committing your changes.\n\n```bash\n# Install tox\npip install tox\n\n# Run all tests and checks on all supported Python versions\ntox\n\n# Run tests for a specific Python version\ntox -e py38  # For Python 3.8\ntox -e py39  # For Python 3.9\ntox -e py310 # For Python 3.10\ntox -e py311 # For Python 3.11\ntox -e py312 # For Python 3.12\n\n# Run only linting checks\ntox -e lint\n\n# Run only type checking\ntox -e mypy\n\n# Format code\ntox -e format\n```\n\n### Manual Testing\n\nIf you prefer to run tests and linting manually:\n\n```bash\n# Run tests\npytest\n\n# Run linting\nblack .\nisort .\nflake8\n\n# Run type checking\nmypy src\n```\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Security\n\nSee [SECURITY.md](SECURITY.md) for security policy and reporting vulnerabilities.\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomasvincent%2Fcloudflare-ufw-sync","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthomasvincent%2Fcloudflare-ufw-sync","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomasvincent%2Fcloudflare-ufw-sync/lists"}