What I ended up doing was this:

# Disable snmp from the outside world
/sbin/ipchains -A input -i Serial4 -p udp -d 0/0 161:162 -j DENY --log

# This is an entry for my paranoia...
# If someone locally were running a socks server (for example), I wouldn't want the outside world
# to bounce off it and still gain entry. I lock down the eth0 to accept only from my monitoring
# host.
/sbin/ipchains -A input -i eth0 -p udp -s ! my.good.host.local/32 -d 0/0 161:162 -j DENY --log

It seems to work fine with the tests I have made.

----- Original Message -----
From: "bert hubert" <ahu@ds9a.nl>
To: "chris" <lists@powernet.net>
Cc: <LARTC@mailman.ds9a.nl>
Sent: Friday, February 15, 2002 7:28 AM
Subject: Re: [LARTC] simple ipchain filter

> On Thu, Feb 14, 2002 at 09:47:47AM -0800, chris wrote:
>
> > The problem is that with the latest bug in snmp, even shutting it off
> > doesn't help in some cases. I also rely on snmp for network health info. I
> > would like to just block all snmp traffic at the border. Since this linux
> > router is acting as my border router, this seems to be the best place to
> > start
> >
> > ipchains -A input -i Serial4 -p udp -d 0/0 161 -j DENY --log
> > ipchains -A input -i Serial4 -p udp -d 0/0 162 -j DENY --log
>
> Looks good.
>
> --
> http://www.PowerDNS.com Versatile DNS Software & Services
> http://www.tk the dot in .tk
> Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
> Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
>
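To make the effect of the two rules in the message concrete, here is an added example (not from the thread and not ipchains itself) that models how the input chain evaluates them: first match wins, the `-s !` form inverts the source match, and anything unmatched falls through to the chain policy. Interface names are those from the thread; the monitoring-host and sample addresses are constructed placeholders.

```python
# Toy model of the ipchains "input" chain from the message above (illustrative
# code, not ipchains). Assumptions: the chain policy is ACCEPT, and
# MONITOR_HOST stands in for my.good.host.local/32 (constructed address).
from dataclasses import dataclass

MONITOR_HOST = "192.168.1.5"   # constructed stand-in for my.good.host.local

@dataclass
class Packet:
    iface: str    # interface the packet arrived on (-i)
    proto: str    # transport protocol (-p)
    src: str      # source address (-s)
    dport: int    # destination port (the 161:162 part of -d 0/0 161:162)

# One entry per "ipchains -A input ..." line, in the order they were appended.
RULES = [
    # /sbin/ipchains -A input -i Serial4 -p udp -d 0/0 161:162 -j DENY --log
    dict(iface="Serial4", proto="udp", src=None, negate_src=False,
         dports=(161, 162), target="DENY"),
    # /sbin/ipchains -A input -i eth0 -p udp -s ! my.good.host.local/32 \
    #     -d 0/0 161:162 -j DENY --log
    dict(iface="eth0", proto="udp", src=MONITOR_HOST, negate_src=True,
         dports=(161, 162), target="DENY"),
]

def matches(rule, pkt):
    """True if every selector of the rule matches the packet."""
    if rule["iface"] != pkt.iface or rule["proto"] != pkt.proto:
        return False
    lo, hi = rule["dports"]
    if not lo <= pkt.dport <= hi:
        return False
    if rule["src"] is not None:
        src_hit = pkt.src == rule["src"]
        # "-s !" inverts the source test: the rule fires for every source
        # EXCEPT the listed one, which is what keeps the monitoring host working.
        if rule["negate_src"]:
            src_hit = not src_hit
        if not src_hit:
            return False
    return True

def verdict(pkt, policy="ACCEPT"):
    """Walk the chain in order; the first matching rule decides, else the policy."""
    for rule in RULES:
        if matches(rule, pkt):
            return rule["target"]
    return policy

if __name__ == "__main__":
    for p in [Packet("Serial4", "udp", "203.0.113.9", 161),
              Packet("eth0", "udp", MONITOR_HOST, 161),
              Packet("eth0", "udp", "192.168.1.77", 162)]:
        print(p, "->", verdict(p))
```

Note that the rules only select `-p udp`, so the model (like the real rules) leaves non-UDP traffic to ports 161/162 to the chain policy; that is fine for SNMP, which runs over UDP, but worth knowing when the rules are reused elsewhere.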