sudofox/drop_dns_deny_rules_on_anyconnect_up.sh

## drop_dns_deny_rules_on_anyconnect_up.sh
#!/usr/bin/env bash

# goes in /etc/NetworkManager/dispatcher.d/
# restart NetworkManager to make sure it takes effect
# watch logs with journalctl -fxe

interface=$1
event=$2

if [[ $interface == "cscotun0" ]] && [[ $event == "up" ]]; then
    echo "$interface received $event" | systemd-cat -p info -t drop_dns_deny_rules_on_anyconnect_up
    sleep 5 # let anyconnect finish adding its rules
    iptables --list-rules | grep ciscovpn | grep "p udp .m udp ...port 53 .j DROP" | sed -s 's/^\-A/\-D/' | xargs -L1 -I{} --no-run-if-empty sh -c "iptables {}"
fi
	#!/usr/bin/env bash

	# goes in /etc/NetworkManager/dispatcher.d/
	# restart NetworkManager to make sure it takes effect
	# watch logs with journalctl -fxe

	interface=$1
	event=$2

	if [[ $interface == "cscotun0" ]] && [[ $event == "up" ]]; then
	echo "$interface received $event" \| systemd-cat -p info -t drop_dns_deny_rules_on_anyconnect_up
	sleep 5 # let anyconnect finish adding its rules
	iptables --list-rules \| grep ciscovpn \| grep "p udp .m udp ...port 53 .j DROP" \| sed -s 's/^\-A/\-D/' \| xargs -L1 -I{} --no-run-if-empty sh -c "iptables {}"
	fi