This is a multi-part message in MIME format. ------=_NextPart_000_0041_01C1B53C.A8A90940 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I am new to the world of ipchains. I wanted to know if the following = rule would deny all snmp traffic on my Internet link(Serial4), but let me use snmp internally.=20 The problem is that with the latest bug in snmp, even shutting it off = doesnt help in some cases. I also rely on snmp for network health info. = I would like to just block all snmp traffic at the border. Since this = linux router is acting as my border router, this seems to be the best = place to start ipchains -A input -i Serial4 -p udp -d 0/0 161 -j DENY --log ipchains -A input -i Serial4 -p udp -d 0/0 162 -j DENY --log Is there a better way to stop all snmp traffic at the border? Thanks, Chris ------=_NextPart_000_0041_01C1B53C.A8A90940 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>I am new to the world of ipchains. I = wanted to know=20 if the following rule would deny all snmp traffic</FONT></DIV> <DIV><FONT face=3DArial size=3D2>on my Internet link(Serial4), but let = me use snmp=20 internally. </FONT></DIV> <DIV><FONT face=3DArial size=3D2>The problem is that with the latest bug = in snmp,=20 even shutting it off doesnt help in some cases. I also rely on snmp for = network=20 health info. I would like to just block all snmp traffic at = the=20 border. Since this linux router is acting as my border router, this = seems to be=20 the best place to start</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>ipchains -A input -i Serial4 -p udp -d = 0/0 161 -j=20 DENY --log</FONT></DIV> <DIV> <DIV><FONT face=3DArial size=3D2>ipchains -A input -i Serial4 -p udp -d = 0/0 162 -j=20 DENY --log</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Is there a better way to stop all snmp = traffic at=20 the border?</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Thanks,</FONT></DIV> <DIV><FONT face=3DArial = size=3D2> Chris</FONT></DIV></DIV></BODY></HTML> ------=_NextPart_000_0041_01C1B53C.A8A90940--
