Cisco Umbrella blocking

It looks like Cisco Umbrella is now blocking the RM1

Not sure if this will mitigate your problem.

By default <=1.7.2 bombards public DNS servers with ICMP ping requests. It also phones home quite a lot.

  1. You can add the following script to disable the daemon that pings public DNS servers. Update the subnets for your LAN configuration. Script will disable cloud access and use of Tailscale.
[root@glkvm:/etc/kvmd/user/scripts]# cat S10icmp.sh 
#! /bin/sh

start() {
	# Stop DNS ping flood
	/bin/sh /etc/init.d/S23led stop

	# Block ICMP
	iptables -I OUTPUT 1 -p icmp --icmp-type echo-request -j DROP
	
	# Allow LAN
	iptables -I OUTPUT 2 -s 192.168.69.60 -d 192.168.69.0/24 -j ACCEPT

	# Block everything else
	iptables -I OUTPUT 3 -s 192.168.69.60 -j DROP
}

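stop() {
	# Restart the daemon that start() stopped
	/bin/sh /etc/init.d/S23led start

	# Delete rules by specification rather than by position, so rules
	# inserted into OUTPUT by something else are never removed by mistake
	iptables -D OUTPUT -s 192.168.69.60 -j DROP
	iptables -D OUTPUT -s 192.168.69.60 -d 192.168.69.0/24 -j ACCEPT
	iptables -D OUTPUT -p icmp --icmp-type echo-request -j DROP
}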

restart() {
	stop
	sleep 1
	start
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac

exit $?
  2. Make sure script has execute permissions

chmod a+x S10icmp.sh

  3. You will likely need to manually configure a local NTP server as well. Obviously, update the NTP server IP address as applicable.
[root@glkvm:/etc/kvmd/user/scripts]# cat S20ntp.sh 
#! /bin/sh

start() {
	# Set preferred local NTP server
	echo "server 192.168.69.5 iburst minpoll 6 maxpoll 8" > /etc/ntp.conf

	# Block NTP requests not from source port 123
	iptables -A OUTPUT -p udp --dport 123 ! --sport 123 -j DROP

	# Set ConnMan preferred NTP server
	#connmanctl config ethernet_9483c4bb171f_cable --timeservers "192.168.69.5"
}

stop() {
	iptables -D OUTPUT -p udp --dport 123 ! --sport 123 -j DROP
	#connmanctl config ethernet_9483c4bb171f_cable --timeservers ""
}	

restart() {
	stop
	sleep 1
	start
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        restart
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
esac

exit $?

  4. Make sure script has execute permissions

chmod a+x S20ntp.sh

3 Likes
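
A check for the rule order that the S10icmp.sh script above depends on, added here as an example and not part of the original post: it reads `iptables -S OUTPUT` output and confirms the LAN ACCEPT is evaluated before the catch-all DROP. The function name `check_egress`, the sample listing and the availability of awk on the device are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes awk is available.
# On the device: iptables -S OUTPUT | check_egress 192.168.69.60 192.168.69.0/24

# check_egress DEVICE_IP LAN_CIDR: reads `iptables -S OUTPUT` text on stdin,
# prints one finding per line, and returns 0 only when all three rules exist
# and the LAN ACCEPT is evaluated before the catch-all DROP.
check_egress() {
	awk -v ip="$1/32" -v lan="$2" '
	/^-A OUTPUT / {
		n++; s = d = p = j = t = ""
		for (i = 3; i < NF; i++) {
			if ($i == "-s") s = $(i + 1)
			if ($i == "-d") d = $(i + 1)
			if ($i == "-p") p = $(i + 1)
			if ($i == "-j") j = $(i + 1)
			if ($i == "--icmp-type") t = $(i + 1)
		}
		# Record the position of the first rule matching each expected shape
		if (!icmp && p == "icmp" && (t == "8" || t == "echo-request") && j == "DROP") icmp = n
		if (!allow && s == ip && d == lan && p == "" && j == "ACCEPT") allow = n
		if (!drop && s == ip && d == "" && p == "" && j == "DROP") drop = n
	}
	END {
		if (!icmp)  { print "MISSING icmp echo-request DROP"; bad = 1 }
		if (!allow) { print "MISSING LAN ACCEPT for " ip " -> " lan; bad = 1 }
		if (!drop)  { print "MISSING catch-all DROP for " ip; bad = 1 }
		if (allow && drop && drop < allow) {
			print "ORDER catch-all DROP (rule " drop ") precedes LAN ACCEPT (rule " allow ")"
			bad = 1
		}
		if (!bad) print "OK"
		exit bad + 0
	}'
}

# Constructed sample of `iptables -S OUTPUT` after both scripts have started
SAMPLE='-P OUTPUT ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A OUTPUT -s 192.168.69.60/32 -d 192.168.69.0/24 -j ACCEPT
-A OUTPUT -s 192.168.69.60/32 -j DROP
-A OUTPUT -p udp -m udp ! --sport 123 --dport 123 -j DROP'

printf '%s\n' "$SAMPLE" | check_egress 192.168.69.60 192.168.69.0/24
```
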

Are there any error messages?

This is the error I get from the web browser:

This site is blocked due to a security threat that was discovered by the Cisco Umbrella security researchers.

Does the problem still exist? We have adjusted some redirects on the website that might cause misjudgments.

We are currently collecting information on related issues. If the problem persists, could you please provide your device logs and the location of your control device?

Device logs can be sent to this email address ([email protected]).

We apologize for any inconvenience.

Still having issues. It's blocked still. Logs sent! My control device is in the Pacific west coast of Canada.