5

I want to allow a list of (around 100) IP addresses to access a website on an Ubuntu server. I'd like to be able to refresh the list via cron.

I'm trying to do it with UFW. I thought this might be easier to do via an app profile. Is this the best approach?

[My App]
  title = "My Web"
  description = "Allows to access web"
  ports = 80/tcp|443/tcp

How can I add the list of allowed IPs? I want to add something like this to the profile:

  ips=[/var/www/allowed_ips.txt]
nickie
  • 516
Will
  • 161

1 Answer

5

Application profiles describe applications. Each contains a title, a description and a set of ports to connect to. They do not describe rules to allow or deny access to such applications. This is done separately. E.g.

ufw allow from 192.168.0.0/16 to any app "MyWeb"

If you want to keep a list of IP addresses in a file, as you suggest in the question, I'd suggest that you add a shell script like the one below to your crontab. It will first delete all rules for your application (see this answer), then add rules for the IPs in your file.

#!/bin/bash

APPNAME="MyWeb"
IPFILE=/var/www/allowed_ips.txt

# Rule numbers for the app, highest first, so deleting one does not renumber the rest
RULES_DESC=$(ufw status numbered | grep "$APPNAME" | awk -F"[][]" '{print $2}' | tr --delete '[:blank:]' | sort -rn)
for NUM in $RULES_DESC; do
  yes | ufw delete "$NUM"
done

# Add one allow rule per address in the file
for IP in $(cat "$IPFILE"); do
  ufw allow from "$IP" to any app "$APPNAME"
done

You will probably want to suppress the output from the script in your crontab.

nickie
  • 516
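
An added example, not part of the original answer: a dry-run pre-check for the cron script above that validates each entry of the list before anything is handed to ufw, and reports failure when the file is empty or contains a malformed line so the existing rules can be left in place. It assumes an IPv4-only list with one address or CIDR per line; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the allow-list, then print the ufw commands (dry run).
APPNAME="MyWeb"   # profile name taken from the answer

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
  addr=${1%%/*}
  case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
  case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Read the list on stdin and print one "ufw allow" command per valid entry.
# Rejected lines go to stderr; status is 1 if any line was rejected or no
# entry was valid, so the caller can leave the existing rules untouched.
plan_rules() {
  good=0 bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    entry=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case $entry in ''|'#'*) continue ;; esac
    if valid_ipv4 "$entry"; then
      printf 'ufw allow from %s to any app "%s"\n' "$entry" "$APPNAME"
      good=$(($good + 1))
    else
      printf 'rejected: %s\n' "$entry" >&2
      bad=$(($bad + 1))
    fi
  done
  [ "$good" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample list (documentation address ranges, not from the page).
sample_list() {
  printf '%s\n' '# office' '192.0.2.10' ' 198.51.100.0/24 ' '' \
    '300.1.1.1' 'not-an-ip' '203.0.113.0/40'
}

sample_list | plan_rules || echo "list not clean: keep existing rules" >&2
```

In the cron job, run the delete loop from the answer only after `plan_rules < "$IPFILE"` exits with status 0.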