拉取 Cloudflare 的 IP 段并写入 nftables 配置文件。如果 /etc/nftables.d 不存在，先手动 mkdir 创建一下（脚本里的 mkdir -p 也会自动创建）。
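#!/usr/bin/env sh
# Render Cloudflare's published IPv4/IPv6 ranges as nftables named sets
# (cf_ipv4 / cf_ipv6) in /etc/nftables.d.
#
# The downloaded text is pasted into firewall configuration, so nothing is
# installed unless both downloads succeed and every line looks like a CIDR.
# On any failure the previously installed set files are left as they were.
# This script only writes the files; reloading the ruleset is up to the caller.
set -eu

DIR="/etc/nftables.d"
OUT4="${DIR}/cf-set-v4.nft"
OUT6="${DIR}/cf-set-v6.nft"

# Character-level allow-lists for one list entry. They are deliberately loose
# about numeric ranges (nft rejects a malformed address when the file is
# loaded); their job is to keep braces, semicolons, quotes or markup from an
# unexpected response out of the generated config. No interval expressions are
# used so the patterns behave the same in gawk, mawk and busybox awk.
RE4='^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+$'
RE6='^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/[0-9]+$'

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# fetch URL OUTFILE
# Download URL to OUTFILE over HTTPS only, redirects included. curl runs as a
# plain command rather than as the first stage of a pipeline: POSIX sh has no
# pipefail, so in a pipeline a failed download would be hidden behind awk's
# exit status and an empty set would be written.
fetch() {
  curl -fsSL --proto '=https' --proto-redir '=https' -o "$2" "$1"
}

# render_set NAME TYPE PATTERN LISTFILE
# Write an nftables set definition for the entries in LISTFILE to stdout.
# Blank lines are skipped and surrounding whitespace / CR is trimmed. Returns
# non-zero, printing nothing to stdout, if any entry fails PATTERN or if the
# list is empty.
render_set() {
  awk -v name="$1" -v kind="$2" -v pat="$3" '
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    $0 == "" { next }
    $0 !~ pat {
      printf "%s: rejected entry on input line %d\n", name, NR > "/dev/stderr"
      bad = 1
      exit
    }
    { entries[++n] = $0 }
    END {
      if (bad) exit 1
      if (n == 0) {
        printf "%s: list is empty\n", name > "/dev/stderr"
        exit 1
      }
      print "set " name " {"
      print " type " kind ";"
      print " flags interval;"
      print " elements = {"
      for (i = 1; i <= n; i++) print " " entries[i] ","
      print " }"
      print "}"
    }
  ' "$4"
}

# publish SRC DEST
# Install SRC as DEST with mode 0644. The file is staged next to DEST and then
# renamed, so a concurrent reader never sees a half-written set file.
publish() {
  install -m 0644 "$1" "$2.new"
  mv -f "$2.new" "$2"
}

mkdir -p "$DIR"

work="$(mktemp -d)"
cleanup() {
  rm -rf -- "${work:?}"
  rm -f -- "${OUT4}.new" "${OUT6}.new"
}
# Remove scratch and staging files on every exit path, not only on success.
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

fetch https://www.cloudflare.com/ips-v4 "$work/v4.txt" \
  || die "download of the IPv4 list failed; existing set files left unchanged"
fetch https://www.cloudflare.com/ips-v6 "$work/v6.txt" \
  || die "download of the IPv6 list failed; existing set files left unchanged"

render_set cf_ipv4 ipv4_addr "$RE4" "$work/v4.txt" > "$work/v4.nft" \
  || die "IPv4 list failed validation; existing set files left unchanged"
render_set cf_ipv6 ipv6_addr "$RE6" "$work/v6.txt" > "$work/v6.nft" \
  || die "IPv6 list failed validation; existing set files left unchanged"

# Both files are complete and validated before either one is replaced.
publish "$work/v4.nft" "$OUT4"
publish "$work/v6.nft" "$OUT6"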
