From mboxrd@z Thu Jan 1 00:00:00 1970
From: "chris"
Date: Fri, 15 Feb 2002 18:02:59 +0000
Subject: Re: [LARTC] simple ipchain filter
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

What I ended up doing was this:

# Disable snmp from the outside world
/sbin/ipchains -A input -i Serial4 -p udp -d 0/0 161:162 -j DENY --log

# This is an entry for my paranoia...
# If someone locally were running a socks server (for example), I wouldn't want the outside world
# to bounce off it and still gain entry. I lock down the eth0 to accept only from my monitoring
# host.
/sbin/ipchains -A input -i eth0 -p udp -s ! my.good.host.local/32 -d 0/0 161:162 -j DENY --log

It seems to work fine with the tests I have made.

----- Original Message -----
From: "bert hubert"
To: "chris"
Cc:
Sent: Friday, February 15, 2002 7:28 AM
Subject: Re: [LARTC] simple ipchain filter

> On Thu, Feb 14, 2002 at 09:47:47AM -0800, chris wrote:
>
> > The problem is that with the latest bug in snmp, even shutting it off
> > doesn't help in some cases. I also rely on snmp for network health info. I
> > would like to just block all snmp traffic at the border. Since this linux
> > router is acting as my border router, this seems to be the best place to
> > start
> >
> > ipchains -A input -i Serial4 -p udp -d 0/0 161 -j DENY --log
> > ipchains -A input -i Serial4 -p udp -d 0/0 162 -j DENY --log
>
> Looks good.
>
> --
> http://www.PowerDNS.com Versatile DNS Software & Services
> http://www.tk the dot in .tk
> Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
> Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
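
Added example (not part of the original messages, and not ipchains itself): a small Python model of first-match evaluation for the two rules chris posted, run over constructed packets to show what they deny and what still falls through to the chain policy. The monitoring host address 192.0.2.10, the sample packets and the ACCEPT chain policy are assumptions; the thread states none of them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MONITOR = "192.0.2.10"  # constructed stand-in for my.good.host.local
@dataclass
class Rule:
    iface: str
    proto: str
    dports: range
    target: str
    src: str = "0.0.0.0/0"
    src_negated: bool = False  # models "-s ! addr"

    def matches(self, pkt):
        in_src = ip_address(pkt["src"]) in ip_network(self.src)
        return (pkt["iface"] == self.iface
                and pkt["proto"] == self.proto
                and pkt["dport"] in self.dports
                and in_src != self.src_negated)

# The two rules from the message, in the order they were appended (-A).
INPUT_CHAIN = [
    Rule("Serial4", "udp", range(161, 163), "DENY"),
    Rule("eth0", "udp", range(161, 163), "DENY",
         src=MONITOR + "/32", src_negated=True),
]

def verdict(pkt, chain=INPUT_CHAIN, policy="ACCEPT"):
    # First matching rule decides; otherwise the (assumed) chain policy applies.
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

def pkt(iface, src, dport, proto="udp"):
    return {"iface": iface, "src": src, "dport": dport, "proto": proto}

# Constructed sample packets (documentation address ranges).
SAMPLES = {
    "outside SNMP query":      pkt("Serial4", "198.51.100.7", 161),
    "monitor host on eth0":    pkt("eth0", MONITOR, 161),
    "other local host":        pkt("eth0", "192.0.2.55", 161),
    "outside TCP to 161":      pkt("Serial4", "198.51.100.7", 161, "tcp"),
    "outside UDP, other port": pkt("Serial4", "198.51.100.7", 53),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:26} -> {verdict(p)}")
```

The TCP case is not matched by either rule, since both specify -p udp, so its fate depends entirely on the chain policy or on rules not shown in the thread.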