Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Accept SNMP Packets...
Special Forums UNIX and Linux Applications Infrastructure Monitoring Accept SNMP Packets... Post 302471552 by karlochacon on Saturday 13th of November 2010 05:45:33 PM
Old 11-13-2010
hi again

by the way I have to configure this SNMP stuff on a firewall that is part of a SNMP project
so they want to allow only some hosts to send SNMP packets a across this Linux firewall

Since I still don't get how to do it on SNMP like in Windows

I was thinking using hosts.allow and deny like this

Code:
hosts.allow
snmpd : 192.168.2.1 192.168.2.2 192.168.2.3 


hosts.deny
snmpd : ALL

but I read this
# Never configure TCP Wrappers on firewall host.
# Put TCP Wrappers behind a firewall systems as TCP Wrappers is no substitute for netfilter or pf firewall.

on
Explain Linux / UNIX TCP Wrappers / Find Out If Program Compiled With TCP Wrappers


so any guidance on SNMP way?
thanks a lot
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

sending packets

How can i send a packet, and what is an empty packet? (8 Replies)
Discussion started by: Avatar0fEvil
8 Replies

2. Programming

Packets Getting Lost

I am working on a project, which has the following type of hardware setup. A special hardware device is receiving data from an external network interface. So we can have multiple such a hardware devices. Now these hardware devices will route the captured incoming data through the external... (4 Replies)
Discussion started by: S.P.Prasad
4 Replies

3. IP Networking

counting the packets

there are a number of clients connected to a server.... how can i count that each clients recieve ...? how do i moniter the activity of the client..? (2 Replies)
Discussion started by: damn_bkb
2 Replies

4. Infrastructure Monitoring

capture snmp packets in AIX

Hi, I want to capture snmp packets in AIX. When i give print from AIX6.1, Printer will give its response thru' snmp. I used iptrace command like below, but it is not capturing snmp packets other packets are captured like udp, tcp.. 1. iptrace command: /usr/sbin/iptrace -a -i en0... (1 Reply)
Discussion started by: meeraramanathan
1 Replies

5. HP-UX

packets statistics

Hi there, are there any functions that can get the packets statistics on UNIX ? thanks. (2 Replies)
Discussion started by: Frank2004
2 Replies

6. IP Networking

Sending data from DELL OMSA SNMP and Custom SNMP MIB to same UDP port 161

Hi , Currently DELL OMSA SNMP sends data through default udp port 161.I want my custom SNMP MIB also to send data in the same udp port 161.Whether its possible.If yes where to configure .I tried starting my custom MIB in udp port 161,but it throws port already in use.Kindly guide. (0 Replies)
Discussion started by: prabakar4all
0 Replies

7. Red Hat

Sending data from DELL OMSA SNMP and Custom SNMP MIB to same UDP port 161

Hi , Currently DELL OMSA SNMP sends data through default udp port 161.I want my custom SNMP MIB also to send data in the same udp port 161.Whether its possible.If yes where to configure .I tried starting my custom MIB in udp port 161,but it throws port already in use.Kindly guide. (1 Reply)
Discussion started by: prabakar4all
1 Replies

8. IP Networking

SNMP Problem - SNMP not getting to the agent.

I am having a problem with an SNMP event, and I am not sure where I should be looking to solve this problem. Description: There is an SNMP event in our system that for one reason or another is not getting sent out as an email because it is never getting to our SNMP agent. I see where the... (0 Replies)
Discussion started by: broberts
0 Replies

9. Infrastructure Monitoring

SNMP traps to SNMP server

Dear Champs, I am new to unix, and need to configure linux server to send below traps to a SNMP server. Monitoring TRAP Disk Space Low Monitoring TRAP Memory Low Monitoring TRAP CPU high Monitoring TRAP Admin login/Logoff Please help me how to send this information to my SNMP server... (2 Replies)
Discussion started by: stavar
2 Replies

10. UNIX for Dummies Questions & Answers

Need to transfer all kernel logs (var/log/messages) to the snmp listener as snmp trap

i am working with embedded system -Dell DCS management sub system. my question is as below: currently we are using linux kernel 2.6.30 build and we have a kernel logs stored to the /var/log/messages path. now we have to transfer all this logs to the specified SNMP target as a part of SNMP... (4 Replies)
Discussion started by: vipul_prajapati
4 Replies

LEARN ABOUT DEBIAN

shorewall-exclusion

SHOREWALL-EXCLUSION(5)						  [FIXME: manual]					    SHOREWALL-EXCLUSION(5)

NAME

       exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.

SYNOPSIS

       !address-or-range[,address-or-range]...

       !zone-name[,zone-name]...

DESCRIPTION

       The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by
       a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
       CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
       form lowaddress-highaddress

       No embedded whitespace is allowed.

       Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
       list and then removing the addresses defined in the exclusion.

       Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
       /etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.

	   Warning
	   If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
	   rule generated for a parent zone.

	   For example:

	   /etc/shorewall/zones:

	       #ZONE	      TYPE
	       z1	      ip
	       z2:z1	      ip
	       ...

	   /etc/shorewall/policy:

	       #SOURCE	       DEST	     POLICY
	       z1	       net	     CONTINUE
	       z2	       net	     REJECT

	   /etc/shorewall/rules:

	       #ACTION	       SOURCE	     DEST	 PROTO	       DEST
	       #						       PORT(S)
	       ACCEPT	       all!z2	     net	 tcp	       22

	   In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.

       In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
       be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:

       o   !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
	   match set1 OR NOT match set2 ... OR NOT match setN.

       o   +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
	   AND NOT match set2 ... AND NOT match setN.

EXAMPLES

       Example 1 - All IPv4 addresses except 192.168.3.4
	   !192.168.3.4

       Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
	   !192.168.1.0/24,10.1.3.4

       Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
	   !192.168.1.3-192.168.1.12,10.0.0.0/8

       Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
	   192.168.1.0/24!192.168.1.3,192.168.1.9

       Example 5 - All parent zones except loc
	   any!loc

FILES

       /etc/shorewall/hosts

       /etc/shorewall/masq

       /etc/shorewall/rules

       /etc/shorewall/tcrules

SEE ALSO

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
       shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES

	1. shorewall-ipsets
	   http://www.shorewall.net/manpages/shorewall-ipsets.html

[FIXME: source] 						    06/28/2012						    SHOREWALL-EXCLUSION(5)
All times are GMT -4. The time now is 07:53 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy