|
||||||||
On Sat, 11 Sep 2004 19:33:55 +0200, Patrick <patrick at rave dot co dot za> wrote: > > If you dont get anywhere just give a copy of the related rules from > http(s)://<ip>/status.php - It might help us work out where you're getting > stuck > from status.php @1 pass in quick from 192.168.1.0/24 to 192.168.1.1/32 keep state group 100 @2 block in log quick proto udp from !192.168.1.3/32 to 192.168.1.1/32 port = 161 group 100 @3 pass in quick from 192.168.1.0/24 to any keep state group 100 192.168.1.1 is the LAN IP, 192.168.1.0/24 is the LAN subnet, 192.168.1.3 is the IP of my monitoring host (not the real IP's, but for the sake of this they are) LAN rules looks like this: http://wiki.m0n0.ch/images/lanrules-snmpblock.png Looks like that @1 rule is added in on the back end somewhere, which prevents you from blocking any traffic to the LAN IP (right?). -Chris |