Merge pull request #2366 from GNS3/bugfix/block-iou-call

Block IOU phone home call using IPtable
Only use iptable to block xml.cisco.com on Ubuntu Focal.
1 changed files with 12 additions and 2 deletions
--- a/scripts/remote-install.sh
+++ b/scripts/remote-install.sh
@ -197,8 +197,18 @@ then
    # Force hostid for IOU
    dd if=/dev/zero bs=4 count=1 of=/etc/hostid

-    # Block iou call. The server is down
-    echo "127.0.0.254 xml.cisco.com" | tee --append /etc/hosts
+    # Block potential IOU phone home call (xml.cisco.com is not in use at this time)
+    log "Block IOU phone home call"
+    if [ "$UBUNTU_CODENAME" == "focal" ]
+    then
+      iptables -I OUTPUT -p udp --dport 53 -m string --hex-string "|03|xml|05|cisco|03|com" --algo bm -j DROP
+      echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+      echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+      apt-get install -y iptables-persistent
+    else
+      echo "127.0.0.254 xml.cisco.com" | tee --append /etc/hosts
+    fi
+
 fi

 log "Add gns3 to the kvm group"
Author	SHA1	Message	Date
Jeremy Grossmann	19142d97bb	Merge pull request #2366 from GNS3/bugfix/block-iou-call Block IOU phone home call using IPtable	3 weeks ago
grossmj	faf7e09ebb	Only use iptable to block xml.cisco.com on Ubuntu Focal.	3 weeks ago
grossmj	4959a51ce7	Block IOU phone home call using IPtable	1 month ago