[ previous ] [ next ] [ threads ]
 From:  Patrick <patrick at rave dot co dot za>
 To:  Matt Juszczak <matt at atopia dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Restricting SNMP
 Date:  Wed, 8 Sep 2004 16:53:31 +0200
> Is there a way to restrict SNMP to just one IP address?  Firewall rule 
> maybe?

One would assume that you could just firewall access off to the SNMP port : 

[neogenix@amnesia] ~$ grep -i snmp /etc/services
snmp            161/tcp
snmp            161/udp
snmptrap        162/tcp    snmp-trap
snmptrap        162/udp    snmp-trap

So in theory you can just firewall off 161... Im not sure which snmpd 
is running on the m0n0wall box and if it has any trap related services 
running but i doubt it. So 161 would be your best bet :) 

deny all connections from the lan / wan to 161 

By default which interfaces does the SNMPd listen on ?