Install ufw
apt install ufw
Deny all incoming
ufw default deny incoming
Allow all outgoing
ufw default allow outgoing
Allow HTTP/HTTPS from Cloudflare IPv4 and IPv6
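# Allow TCP 80/443 from every range Cloudflare publishes (IPv4 list, then IPv6).
# The lists are fetched once, at run time; the rules are not refreshed afterwards.
for url in https://www.cloudflare.com/ips-v4 https://www.cloudflare.com/ips-v6; do
  # -f: an HTTP error fails the fetch instead of feeding an error page to ufw.
  ranges=$(curl -fsS "$url") || { echo "could not fetch $url" >&2; continue; }
  printf '%s\n' "$ranges" | while IFS= read -r cidr; do
    case "$cidr" in
      '') ;;  # blank line
      # Anything that is not made of address/CIDR characters is not passed to ufw.
      *[!0-9a-fA-F:./]*) echo "skipping unexpected entry: $cidr" >&2 ;;
      # stdin is detached so the command cannot consume the rest of the list.
      *) sudo ufw allow from "$cidr" to any port 80,443 proto tcp </dev/null ;;
    esac
  done
done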
Enable UFW
# Once enabled, the only inbound traffic admitted is TCP 80/443 from the
# Cloudflare ranges added above. No rule on this page allows SSH, so on a
# remotely administered host add one before this step.
ufw enable
Check status
ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
80,443/tcp ALLOW IN 173.245.48.0/20
80,443/tcp ALLOW IN 103.21.244.0/22
80,443/tcp ALLOW IN 103.22.200.0/22
80,443/tcp ALLOW IN 103.31.4.0/22
80,443/tcp ALLOW IN 141.101.64.0/18
80,443/tcp ALLOW IN 108.162.192.0/18
80,443/tcp ALLOW IN 190.93.240.0/20
80,443/tcp ALLOW IN 188.114.96.0/20
80,443/tcp ALLOW IN 197.234.240.0/22
80,443/tcp ALLOW IN 198.41.128.0/17
80,443/tcp ALLOW IN 162.158.0.0/15
80,443/tcp ALLOW IN 104.16.0.0/13
80,443/tcp ALLOW IN 104.24.0.0/14
80,443/tcp ALLOW IN 172.64.0.0/13
80,443/tcp ALLOW IN 131.0.72.0/22
80,443/tcp ALLOW IN 2400:cb00::/32
80,443/tcp ALLOW IN 2606:4700::/32
80,443/tcp ALLOW IN 2803:f800::/32
80,443/tcp ALLOW IN 2405:b500::/32
80,443/tcp ALLOW IN 2405:8100::/32
80,443/tcp ALLOW IN 2a06:98c0::/29
80,443/tcp ALLOW IN 2c0f:f248::/32