Hello Experts,
I need snmpv3 to allow query with only one server.
Is there any parameter in snmpd.conf which I can configure to provide snmp data to that host only and none other hosts on network.
Thanks for your help
SNMPD for allowing only to single host
Re: SNMPD for allowing only to single host
According to http://sourceforge.net/p/net-snmp/mailm ... /27227181/ not in the same way as you can with snmpv1/v2c.
They suggest you use tcp-wrappers for this (/etc/hosts.allow and /etc/hosts.deny).
They suggest you use tcp-wrappers for this (/etc/hosts.allow and /etc/hosts.deny).
Re: SNMPD for allowing only to single host
Or you can allow/deny snmp traffic on firewall:
iptables -A INPUT -s allowed_host_ip -p tcp --dport 161 -j ACCEPT
iptables -A INPUT -s allowed_host_ip -p udp --dport 161 -j ACCEPT
iptables -A INPUT -s allowed_host_ip -p tcp --dport 162 -j ACCEPT
iptables -A INPUT -s allowed_host_ip -p udp --dport 162 -j ACCEPT
and optionally if your default rule is not DROP then
iptables -A INPUT -p tcp --dport 161 -j DROP
iptables -A INPUT -p udp --dport 161 -j DROP
iptables -A INPUT -p tcp --dport 162 -j DROP
iptables -A INPUT -p udp --dport 162 -j DROP
iptables -A INPUT -s allowed_host_ip -p tcp --dport 161 -j ACCEPT
iptables -A INPUT -s allowed_host_ip -p udp --dport 161 -j ACCEPT
iptables -A INPUT -s allowed_host_ip -p tcp --dport 162 -j ACCEPT
iptables -A INPUT -s allowed_host_ip -p udp --dport 162 -j ACCEPT
and optionally if your default rule is not DROP then
iptables -A INPUT -p tcp --dport 161 -j DROP
iptables -A INPUT -p udp --dport 161 -j DROP
iptables -A INPUT -p tcp --dport 162 -j DROP
iptables -A INPUT -p udp --dport 162 -j DROP
-
yunushaikh
- Posts: 7
- Joined: 2015/07/08 12:49:20
Re: SNMPD for allowing only to single host
ok thanks for your help
I thought that there will be some option in snmpd.conf for doing this settings
I thought that there will be some option in snmpd.conf for doing this settings