 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Restricting SNMP
 Date:  Sat, 11 Sep 2004 18:16:39 -0400
On Sat, 11 Sep 2004 19:33:55 +0200, Patrick <patrick at rave dot co dot za> wrote:
> 
> If you don't get anywhere just give a copy of the related rules from
> http(s)://<ip>/status.php - It might help us work out where you're getting
> stuck
> 

from status.php

@1 pass in quick from 192.168.1.0/24 to 192.168.1.1/32 keep state group 100
@2 block in log quick proto udp from !192.168.1.3/32 to 192.168.1.1/32 port = 161 group 100
@3 pass in quick from 192.168.1.0/24 to any keep state group 100

192.168.1.1 is the LAN IP, 192.168.1.0/24 is the LAN subnet,
192.168.1.3 is the IP of my monitoring host (not the real IPs, but
for the sake of this they are)

LAN rules look like this: http://wiki.m0n0.ch/images/lanrules-snmpblock.png

Looks like that @1 rule is added in on the back end somewhere, which
prevents you from blocking any traffic to the LAN IP (right?).

-Chris
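As an added illustration (my own example, not code from the mail or from m0n0wall), a small Python first-match evaluator replays the three status.php rules quoted above: because every rule is `quick`, the back-end @1 pass rule catches SNMP from any LAN host before @2 is ever consulted, and only when the block is ordered ahead of it does the restriction take effect. The 192.168.1.50 source address and the "block-first" ordering are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    num: int
    action: str               # "pass" or "block"
    src: str                  # CIDR, "any", or "!CIDR" (negated, as ipf prints it)
    dst: str
    proto: Optional[str] = None
    dport: Optional[int] = None

def addr_match(spec: str, ip: str) -> bool:
    """Match an address against a rule operand, honouring 'any' and '!' negation."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    hit = ipaddress.ip_address(ip) in ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return not hit if negate else hit

def rule_matches(rule: Rule, pkt: dict) -> bool:
    """Protocol and port are checked only when the rule specifies them."""
    if rule.proto is not None and rule.proto != pkt["proto"]:
        return False
    if rule.dport is not None and rule.dport != pkt.get("dport"):
        return False
    return addr_match(rule.src, pkt["src"]) and addr_match(rule.dst, pkt["dst"])

def evaluate(rules, pkt: dict):
    """All rules carry 'quick': the first match decides, so ordering is everything."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.num, rule.action
    return None, "no match"

# The three rules exactly as status.php lists them in the mail.
STATUS_PHP_RULES = [
    Rule(1, "pass", "192.168.1.0/24", "192.168.1.1/32"),
    Rule(2, "block", "!192.168.1.3/32", "192.168.1.1/32", proto="udp", dport=161),
    Rule(3, "pass", "192.168.1.0/24", "any"),
]
# Hypothetical order with the SNMP block ahead of the back-end pass rule.
BLOCK_FIRST_RULES = [STATUS_PHP_RULES[1], STATUS_PHP_RULES[0], STATUS_PHP_RULES[2]]

def snmp_packet(src: str) -> dict:
    """Constructed UDP/161 packet from a LAN host to the LAN IP 192.168.1.1."""
    return {"proto": "udp", "src": src, "dst": "192.168.1.1", "dport": 161}
```

With the rules as listed, `evaluate(STATUS_PHP_RULES, snmp_packet("192.168.1.50"))` returns `(1, 'pass')`; with the block first it returns `(2, 'block')`, while the monitoring host 192.168.1.3 still falls through to the pass rule.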