sudofox/6a17f732f48386a5f9557686d186a4dd
Created December 3, 2020 21:09
Remove/disable Cisco AnyConnect's UDP port 53 DNS deny rules on the physical interface after connect
#!/usr/bin/env bash
# Goes in /etc/NetworkManager/dispatcher.d/ (NetworkManager only runs scripts there that are
# owned by root, executable, and not writable by group or others)
# Restart NetworkManager to make sure it takes effect
# Watch logs with journalctl -fxe
interface=$1   # NetworkManager passes the interface name as $1 ...
event=$2       # ... and the action (up, down, ...) as $2
if [[ $interface == "cscotun0" ]] && [[ $event == "up" ]]; then
    echo "$interface received $event" | systemd-cat -p info -t drop_dns_deny_rules_on_anyconnect_up
    sleep 5 # let anyconnect finish adding its rules
    # Pick AnyConnect's UDP/53 DROP rules (destination or source port) out of the ciscovpn chain,
    # turn each "-A <chain> ..." append rule into the matching "-D <chain> ..." delete, and run it.
    # `sh -c` lets the shell re-parse any quoted arguments in the rule; -r skips the run if nothing matched.
    iptables --list-rules \
        | grep ciscovpn \
        | grep -E -- '-p udp -m udp --(d|s)port 53 -j DROP' \
        | sed 's/^-A/-D/' \
        | xargs -r -I{} sh -c 'iptables {}'
fi
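The rules this script removes are AnyConnect's DNS-leak protection: they stop UDP/53 traffic from leaving over the physical interface so that resolution only happens through the tunnel. Before deploying a dispatcher script that deletes them, it is worth confirming the match pattern selects exactly those rules and nothing else in the ciscovpn chain. The dry-run helper below is an added example, not part of the gist; it applies the same grep/sed pipeline to a constructed `iptables --list-rules` listing fed on stdin and prints the `iptables -D` commands that would be executed, without touching the firewall. The sample rules, interface name `eth0` and the extra decoy rules are constructed for illustration and are not captured from a real host.

```shell
#!/usr/bin/env bash
# Dry-run check for the dispatcher script's rule selection.
# Reads `iptables --list-rules` output on stdin and prints the delete
# commands that would be run, so the pattern can be reviewed offline.

# Select AnyConnect's UDP/53 DROP rules in the ciscovpn chain and rewrite -A to -D.
dns_deny_to_delete() {
    grep ciscovpn \
        | grep -E -- '-p udp -m udp --(d|s)port 53 -j DROP' \
        | sed 's/^-A/-D/' \
        | sed 's/^/iptables /'
}

# Constructed sample listing (not from a real host). Chain and tunnel names mirror
# what AnyConnect installs; the TCP, ACCEPT and port-123 lines are decoys that
# must NOT be selected, and the chain/jump lines contain "ciscovpn" without being rules to drop.
sample_rules='-P INPUT ACCEPT
-P OUTPUT ACCEPT
-N ciscovpn
-A INPUT -j ciscovpn
-A OUTPUT -j ciscovpn
-A ciscovpn -i cscotun0 -j ACCEPT
-A ciscovpn -o eth0 -p udp -m udp --dport 53 -j DROP
-A ciscovpn -i eth0 -p udp -m udp --sport 53 -j DROP
-A ciscovpn -o eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A ciscovpn -o eth0 -p udp -m udp --dport 123 -j DROP'

# Number of delete commands the sample produces (expected: 2, one per UDP/53 DROP rule).
count_deletes() {
    printf '%s\n' "$sample_rules" | dns_deny_to_delete | wc -l | tr -d ' '
}

# First delete command produced from the sample.
first_delete() {
    printf '%s\n' "$sample_rules" | dns_deny_to_delete | head -n 1
}

# Print what would be run against the sample listing.
printf '%s\n' "$sample_rules" | dns_deny_to_delete
```

On a real host, replace the constructed listing with `iptables --list-rules | dns_deny_to_delete` while the VPN is up to see the exact commands before letting the dispatcher script run them; the first `grep ciscovpn` matches the chain definition and jump lines too, which is why the second, stricter grep is what actually decides.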