From mboxrd@z Thu Jan  1 00:00:00 1970
From: "chris" <lists@powernet.net>
Date: Thu, 14 Feb 2002 17:47:47 +0000
Subject: [LARTC] simple ipchain filter
MIME-Version: 1
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0041_01C1B53C.A8A90940"
Message-Id: <marc-lartc-101370887819916@msgid-missing>
List-Id: <lartc.vger.kernel.org>
To: lartc@vger.kernel.org

This is a multi-part message in MIME format.

------=_NextPart_000_0041_01C1B53C.A8A90940
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I am new to the world of ipchains. I wanted to know if the following =
rule would deny all snmp traffic
on my Internet link(Serial4), but let me use snmp internally.=20
The problem is that with the latest bug in snmp, even shutting it off =
doesnt help in some cases. I also rely on snmp for network health info. =
I would like to just block all snmp traffic at the border. Since this =
linux router is acting as my border router, this seems to be the best =
place to start

ipchains -A input -i Serial4 -p udp -d 0/0 161 -j DENY --log
ipchains -A input -i Serial4 -p udp -d 0/0 162 -j DENY --log

Is there a better way to stop all snmp traffic at the border?


Thanks,
 Chris

------=_NextPart_000_0041_01C1B53C.A8A90940
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I am new to the world of ipchains. I =
wanted to know=20
if the following rule would deny all snmp traffic</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>on my Internet link(Serial4), but let =
me use snmp=20
internally. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>The problem is that with the latest bug =
in snmp,=20
even shutting it off doesnt help in some cases. I also rely on snmp for =
network=20
health info. I&nbsp;would like&nbsp;to just block all snmp traffic at =
the=20
border. Since this linux router is acting as my border router, this =
seems to be=20
the best place to start</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>ipchains -A input -i Serial4 -p udp -d =
0/0 161 -j=20
DENY --log</FONT></DIV>
<DIV>
<DIV><FONT face=3DArial size=3D2>ipchains -A input -i Serial4 -p udp -d =
0/0 162 -j=20
DENY --log</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Is there a better way to stop all snmp =
traffic at=20
the border?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Thanks,</FONT></DIV>
<DIV><FONT face=3DArial =
size=3D2>&nbsp;Chris</FONT></DIV></DIV></BODY></HTML>

------=_NextPart_000_0041_01C1B53C.A8A90940--

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/