by the way I have to configure this SNMP stuff on a firewall that is part of a SNMP project
so they want to allow only some hosts to send SNMP packets a across this Linux firewall
Since I still don't get how to do it on SNMP like in Windows
I was thinking using hosts.allow and deny like this
but I read this
# Never configure TCP Wrappers on firewall host.
# Put TCP Wrappers behind a firewall systems as TCP Wrappers is no substitute for netfilter or pf firewall.
I am working on a project, which has the following type of hardware setup.
A special hardware device is receiving data from an external network interface. So we can have multiple such a hardware devices. Now these hardware devices will route the captured incoming data through the external... (4 Replies)
there are a number of clients connected to a server.... how can i count that each clients recieve ...? how do i moniter the activity of the client..? (2 Replies)
Hi,
I want to capture snmp packets in AIX.
When i give print from AIX6.1, Printer will give its response thru' snmp.
I used iptrace command like below, but it is not capturing snmp packets other packets are captured like udp, tcp..
1. iptrace command:
/usr/sbin/iptrace -a -i en0... (1 Reply)
Hi ,
Currently DELL OMSA SNMP sends data through default udp port 161.I want my custom SNMP MIB also to send data in the same udp port 161.Whether its possible.If yes where to configure .I tried starting my custom MIB in udp port 161,but it throws port already in use.Kindly guide. (0 Replies)
Hi ,
Currently DELL OMSA SNMP sends data through default udp port 161.I want my custom SNMP MIB also to send data in the same udp port 161.Whether its possible.If yes where to configure .I tried starting my custom MIB in udp port 161,but it throws port already in use.Kindly guide. (1 Reply)
I am having a problem with an SNMP event, and I am not sure where I should be looking to solve this problem.
Description:
There is an SNMP event in our system that for one reason or another is not getting sent out as an email because it is never getting to our SNMP agent.
I see where the... (0 Replies)
Dear Champs,
I am new to unix, and need to configure linux server to send below traps to a SNMP server.
Monitoring TRAP Disk Space Low
Monitoring TRAP Memory Low
Monitoring TRAP CPU high
Monitoring TRAP Admin login/Logoff
Please help me how to send this information to my SNMP server... (2 Replies)
i am working with embedded system -Dell DCS management sub system. my question is as below:
currently we are using linux kernel 2.6.30 build and we have a kernel logs stored to the /var/log/messages path. now we have to transfer all this logs to the specified SNMP target as a part of SNMP... (4 Replies)
Discussion started by: vipul_prajapati
4 Replies
LEARN ABOUT DEBIAN
shorewall-exclusion
SHOREWALL-EXCLUSION(5) [FIXME: manual] SHOREWALL-EXCLUSION(5)NAME
exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.
SYNOPSIS
!address-or-range[,address-or-range]...
!zone-name[,zone-name]...
DESCRIPTION
The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by
a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
form lowaddress-highaddress
No embedded whitespace is allowed.
Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
list and then removing the addresses defined in the exclusion.
Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
/etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.
Warning
If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
rule generated for a parent zone.
For example:
/etc/shorewall/zones:
#ZONE TYPE
z1 ip
z2:z1 ip
...
/etc/shorewall/policy:
#SOURCE DEST POLICY
z1 net CONTINUE
z2 net REJECT
/etc/shorewall/rules:
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT all!z2 net tcp 22
In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.
In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:
o !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
match set1 OR NOT match set2 ... OR NOT match setN.
o +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
AND NOT match set2 ... AND NOT match setN.
EXAMPLES
Example 1 - All IPv4 addresses except 192.168.3.4
!192.168.3.4
Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
!192.168.1.0/24,10.1.3.4
Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
!192.168.1.3-192.168.1.12,10.0.0.0/8
Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
192.168.1.0/24!192.168.1.3,192.168.1.9
Example 5 - All parent zones except loc
any!loc
FILES
/etc/shorewall/hosts
/etc/shorewall/masq
/etc/shorewall/rules
/etc/shorewall/tcrules
SEE ALSO shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)NOTES
1. shorewall-ipsets
http://www.shorewall.net/manpages/shorewall-ipsets.html
[FIXME: source] 06/28/2012 SHOREWALL-EXCLUSION(5)