deployment/scripts/setup-firewall.sh

#!/bin/bash
# Setup firewall rules

set -e

echo "Configuring firewall (UFW)..."

# Enable UFW
ufw --force enable

# Allow SSH
ufw allow 22/tcp comment 'SSH'

# Allow HTTP/HTTPS (if direct connection)
read -p "Do you have a direct public IP? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
    ufw allow 80/tcp comment 'HTTP'
    ufw allow 443/tcp comment 'HTTPS'
fi

# Allow Cloudflare IP ranges (if using direct connection)
if [[ $REPLY =~ ^[Yy]$ ]]; then
    echo "Adding Cloudflare IP ranges..."
    ufw allow from 173.245.48.0/20 comment 'Cloudflare'
    ufw allow from 103.21.244.0/22 comment 'Cloudflare'
    ufw allow from 103.22.200.0/22 comment 'Cloudflare'
    ufw allow from 103.31.4.0/22 comment 'Cloudflare'
    ufw allow from 141.101.64.0/18 comment 'Cloudflare'
    ufw allow from 108.162.192.0/18 comment 'Cloudflare'
    ufw allow from 190.93.240.0/20 comment 'Cloudflare'
    ufw allow from 188.114.96.0/20 comment 'Cloudflare'
    ufw allow from 197.234.240.0/22 comment 'Cloudflare'
    ufw allow from 198.41.128.0/17 comment 'Cloudflare'
    ufw allow from 162.158.0.0/15 comment 'Cloudflare'
    ufw allow from 104.16.0.0/13 comment 'Cloudflare'
    ufw allow from 104.24.0.0/14 comment 'Cloudflare'
    ufw allow from 172.64.0.0/13 comment 'Cloudflare'
    ufw allow from 131.0.72.0/22 comment 'Cloudflare'
fi

# Show status
ufw status verbose

echo ""
echo "Firewall configured!"
Add full monorepo: virtual-banker, backend, frontend, docs, scripts, deployment Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-10 11:32:49 -08:00			`#!/bin/bash`
			`# Setup firewall rules`

			`set -e`

			`echo "Configuring firewall (UFW)..."`

			`# Enable UFW`
			`ufw --force enable`

			`# Allow SSH`
			`ufw allow 22/tcp comment 'SSH'`

			`# Allow HTTP/HTTPS (if direct connection)`
			`read -p "Do you have a direct public IP? (y/N): " -n 1 -r`
			`echo`
			`if [[ $REPLY =~ ^[Yy]$ ]]; then`
			`ufw allow 80/tcp comment 'HTTP'`
			`ufw allow 443/tcp comment 'HTTPS'`
			`fi`

			`# Allow Cloudflare IP ranges (if using direct connection)`
			`if [[ $REPLY =~ ^[Yy]$ ]]; then`
			`echo "Adding Cloudflare IP ranges..."`
			`ufw allow from 173.245.48.0/20 comment 'Cloudflare'`
			`ufw allow from 103.21.244.0/22 comment 'Cloudflare'`
			`ufw allow from 103.22.200.0/22 comment 'Cloudflare'`
			`ufw allow from 103.31.4.0/22 comment 'Cloudflare'`
			`ufw allow from 141.101.64.0/18 comment 'Cloudflare'`
			`ufw allow from 108.162.192.0/18 comment 'Cloudflare'`
			`ufw allow from 190.93.240.0/20 comment 'Cloudflare'`
			`ufw allow from 188.114.96.0/20 comment 'Cloudflare'`
			`ufw allow from 197.234.240.0/22 comment 'Cloudflare'`
			`ufw allow from 198.41.128.0/17 comment 'Cloudflare'`
			`ufw allow from 162.158.0.0/15 comment 'Cloudflare'`
			`ufw allow from 104.16.0.0/13 comment 'Cloudflare'`
			`ufw allow from 104.24.0.0/14 comment 'Cloudflare'`
			`ufw allow from 172.64.0.0/13 comment 'Cloudflare'`
			`ufw allow from 131.0.72.0/22 comment 'Cloudflare'`
			`fi`

			`# Show status`
			`ufw status verbose`

			`echo ""`
			`echo "Firewall configured!"`