From ad7813d04b09d6f8a8dde6c3f4b5820c2e2abacd Mon Sep 17 00:00:00 2001
From: grossmj
Date: Sat, 28 Dec 2024 17:50:59 +0700
Subject: [PATCH 1/2] Use iptables to block IOU home call
---
 scripts/remote-install.sh | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/scripts/remote-install.sh b/scripts/remote-install.sh
index 4da8b98a..f2fc1852 100644
--- a/scripts/remote-install.sh
+++ b/scripts/remote-install.sh
@@ -208,16 +208,10 @@ then
 # Block potential IOU phone home call (xml.cisco.com is not in use at this time)
 log "Blocking IOU phone home call"
- if [ "$UBUNTU_CODENAME" == "focal" ]
- then
- iptables -I OUTPUT -p udp --dport 53 -m string --hex-string "|03|xml|05|cisco|03|com" --algo bm -j DROP
- echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
- echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
- apt install -y iptables-persistent
- else
- echo "127.0.0.254 xml.cisco.com" | tee --append /etc/hosts
- fi
-
+ iptables -I OUTPUT -p udp --dport 53 -m string --hex-string "|03|xml|05|cisco|03|com" --algo bm -j DROP
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ apt install -y iptables-persistent
 fi
 log "Adding gns3 to the kvm group"
From 1c0b0ae423bc6e40c2d67185c5044a9c50b45e59 Mon Sep 17 00:00:00 2001
From: grossmj
Date: Sat, 28 Dec 2024 18:00:22 +0700
Subject: [PATCH 2/2] Remove blocking IOU phone home call.
---
 scripts/remote-install.sh | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/scripts/remote-install.sh b/scripts/remote-install.sh
index f2fc1852..cdc8b3de 100644
--- a/scripts/remote-install.sh
+++ b/scripts/remote-install.sh
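Review bot: In the `@@ -208,16 +208,10 @@` hunk of PATCH 1/2, the `iptables` DROP rule that is now the only control matches IPv4 DNS queries over UDP and nothing else, so a lookup of xml.cisco.com sent over IPv6 or over TCP port 53 is not filtered. The `/etc/hosts` entry that used to cover non-focal releases is removed without a replacement on those paths. Adding the same rule through `ip6tables` plus a `-p tcp --dport 53` variant, or keeping the hosts entry alongside the filter, would close that gap. `iptables -I` also inserts another copy of the rule on every run of the installer; guarding it with `iptables -C OUTPUT <same match> -j DROP 2>/dev/null || iptables -I OUTPUT <same match> -j DROP` keeps the step idempotent. The enclosing `if` block starts and ends outside the hunk, so whether a failing `iptables` or `apt install` call stops the script cannot be judged from here.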
@@ -205,13 +205,6 @@ then
 # Force hostid for IOU
 dd if=/dev/zero bs=4 count=1 of=/etc/hostid
-
- # Block potential IOU phone home call (xml.cisco.com is not in use at this time)
- log "Blocking IOU phone home call"
- iptables -I OUTPUT -p udp --dport 53 -m string --hex-string "|03|xml|05|cisco|03|com" --algo bm -j DROP
- echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
- echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
- apt install -y iptables-persistent
 fi
 log "Adding gns3 to the kvm group"