 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Restricting SNMP
 Date:  Sat, 11 Sep 2004 18:16:39 -0400
On Sat, 11 Sep 2004 19:33:55 +0200, Patrick <patrick at rave dot co dot za> wrote:
> If you don't get anywhere just give a copy of the related rules from
> http(s)://<ip>/status.php - It might help us work out where you're getting
> stuck

from status.php

@1 pass in quick from to keep state group 100
@2 block in log quick proto udp from ! to port = 161 group 100
@3 pass in quick from to any keep state group 100

is the LAN IP, is the LAN subnet, is the IP of my monitoring host (not the real IPs, but
for the sake of this they are)

LAN rules look like this: http://wiki.m0n0.ch/images/lanrules-snmpblock.png

Looks like that @1 rule is added in on the back end somewhere, which
prevents you from blocking any traffic to the LAN IP (right?).
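
Added example, not part of the original message: a small first-match model of the three `quick` rules quoted above, showing how a pass rule ahead of the SNMP block decides the packet before the block is reached. The addresses are constructed documentation values, and where each address sits in each rule is an assumption, since the listing above does not show them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses; the post does not show the real ones.
LAN_IP, LAN_NET, MONITOR = "192.0.2.1/32", "192.0.2.0/24", "192.0.2.50/32"

@dataclass
class Rule:
    num: int
    action: str                  # "pass" or "block"
    src: str                     # CIDR or "any"
    dst: str
    negate_src: bool = False     # models "from ! addr"
    proto: Optional[str] = None
    dport: Optional[int] = None

def _in(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, pkt):
    return ((_in(pkt["src"], rule.src) != rule.negate_src)
            and _in(pkt["dst"], rule.dst)
            and rule.proto in (None, pkt["proto"])
            and rule.dport in (None, pkt["dport"]))

def evaluate(rules, pkt):
    """Every rule here is 'quick', so the first match decides."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.num, rule.action
    return None

# Assumed placement of the three addresses in the rules from status.php.
RULES = [
    Rule(1, "pass", LAN_NET, LAN_IP),
    Rule(2, "block", MONITOR, LAN_IP, negate_src=True, proto="udp", dport=161),
    Rule(3, "pass", LAN_NET, "any"),
]

def snmp_from(src):
    # SNMP request to the (constructed) LAN IP of the firewall.
    return {"src": src, "dst": "192.0.2.1", "proto": "udp", "dport": 161}

if __name__ == "__main__":
    print(evaluate(RULES, snmp_from("192.0.2.77")))      # decided by rule @1
    print(evaluate(RULES[1:], snmp_from("192.0.2.77")))  # same packet without @1
```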