Merge pull request #2366 from GNS3/bugfix/block-iou-call

grossmj · web-flow · commit 19142d97bbd1 · 2024-04-20T15:53:39.000+07:00
Block IOU phone home call using IPtable
diff --git a/scripts/remote-install.sh b/scripts/remote-install.sh
@@ -197,8 +197,18 @@ then
     # Force hostid for IOU
     dd if=/dev/zero bs=4 count=1 of=/etc/hostid
 
-    # Block iou call. The server is down
-    echo "127.0.0.254 xml.cisco.com" | tee --append /etc/hosts
+    # Block potential IOU phone home call (xml.cisco.com is not in use at this time)
+    log "Block IOU phone home call"
+    if [ "$UBUNTU_CODENAME" == "focal" ]
+    then
+      iptables -I OUTPUT -p udp --dport 53 -m string --hex-string "|03|xml|05|cisco|03|com" --algo bm -j DROP
+      echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+      echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+      apt-get install -y iptables-persistent
+    else
+      echo "127.0.0.254 xml.cisco.com" | tee --append /etc/hosts
+    fi
+
 fi
 
 log "Add gns3 to the kvm group"
