2023-08-09 20:40:37
在 Oracle Cloud 中使用命令行批量添加网络安全组(NSG)规则,例如只允许 Cloudflare IP 段访问 443 端口:
sh
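#!/bin/bash
# Add ingress rules to an OCI Network Security Group (NSG) so that TCP/443 is
# reachable from Cloudflare's published IP ranges.
#
# What this script does NOT do:
# - It only ADDS allow rules. Traffic is permitted if any rule in any NSG on
#   the VNIC, or in any security list on the subnet, allows it, so an existing
#   broader rule (for example 0.0.0.0/0 or ::/0 to port 443) must be removed
#   separately before the origin is actually restricted to Cloudflare.
# - It does not de-duplicate. NOTE(review): confirm how the NSG treats a second
#   run of the same list before re-running against a populated NSG.
# - Source-IP filtering shows a request came through Cloudflare's network, not
#   that it came through your own zone; pair it with origin-side authentication
#   such as Cloudflare Authenticated Origin Pulls where that matters.
set -euo pipefail

# Security Group OCID: replace the placeholder, or export NSG_ID before running.
nsg_id="${NSG_ID:-<OCID>}"
if [[ "$nsg_id" == "<OCID>" ]]; then
  printf 'error: set nsg_id (or export NSG_ID) to the NSG OCID\n' >&2
  exit 1
fi

if ! command -v oci >/dev/null; then
  printf 'error: the oci CLI was not found in PATH\n' >&2
  exit 1
fi

# Define the IP addresses
# https://www.cloudflare.com/ips-v4
# https://www.cloudflare.com/ips-v6
# This list is a hard-coded snapshot; compare it with the two URLs above before
# each use, because a stale list either blocks new Cloudflare ranges or keeps
# allowing ranges Cloudflare no longer publishes.
ip_addresses=(
  "173.245.48.0/20"
  "103.21.244.0/22"
  "103.22.200.0/22"
  "103.31.4.0/22"
  "141.101.64.0/18"
  "108.162.192.0/18"
  "190.93.240.0/20"
  "188.114.96.0/20"
  "197.234.240.0/22"
  "198.41.128.0/17"
  "162.158.0.0/15"
  "104.16.0.0/13"
  "104.24.0.0/14"
  "172.64.0.0/13"
  "131.0.72.0/22"
  "2400:cb00::/32"
  "2606:4700::/32"
  "2803:f800::/32"
  "2405:b500::/32"
  "2405:8100::/32"
  "2a06:98c0::/29"
  "2c0f:f248::/32"
)

# Validate every entry before the first API call, so a malformed entry cannot
# leave the NSG holding only part of the allowlist. The character whitelist
# also keeps quotes and braces out of the JSON built below, which matters if
# the list is ever filled from a downloaded file instead of literals.
cidr_re='^[0-9A-Fa-f:.]+/[0-9]{1,3}$'
for ip_address in "${ip_addresses[@]}"; do
  if [[ ! "$ip_address" =~ $cidr_re ]]; then
    printf 'error: not a CIDR block: %s\n' "$ip_address" >&2
    exit 1
  fi
done

# Loop over the array and add each IP address to the NSG
for ip_address in "${ip_addresses[@]}"; do
  # Protocol "6" is TCP; the rule admits destination port 443 only.
  printf -v rule_json \
    '[{ "direction": "INGRESS", "protocol": "6", "source": "%s", "tcpOptions": { "destinationPortRange": { "max": 443, "min": 443 }}}]' \
    "$ip_address"

  # Stop on the first failure instead of continuing silently: a half-applied
  # list drops legitimate Cloudflare traffic in a way that is hard to diagnose.
  if ! oci network nsg rules add --nsg-id "$nsg_id" \
    --security-rules "$rule_json"; then
    printf 'error: failed to add rule for %s; the NSG may hold only part of the list\n' \
      "$ip_address" >&2
    exit 1
  fi
done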