From: "David G. Andersen"
To: root@battery.yi.org (Brad Mace)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: mrtg through firewall
Date: Wed, 6 Dec 2000 22:05:07 -0700 (MST)
Message-Id: <200012070505.WAA03558@faith.cs.utah.edu>
In-Reply-To: from "Brad Mace" at Dec 06, 2000 10:53:18 PM

Not really. You're going to basically have to allow UDP from the snmp
port back to any of your high UDP ports, but you can at least limit it to
that. You'll still be able to block most of the reserved UDP ports.
Similar problems exist with many DNS resolvers, so it likely won't be a
big change for your firewall rules.

  -Dave

Lo and behold, Brad Mace once said:
>
> I've been trying to set up my firewall rules to allow mrtg to run. It
> seems to use different udp ports each time. Is there a way I can allow it
> without allowing all udp packets?
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
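
An added example, not part of the original messages: a small Python model of the rule described in the reply (UDP from the SNMP port to local high ports), next to a flow-tracking variant that only admits replies to queries the host actually sent. The addresses, the 30-second timeout and the flow-tracking filter itself are assumptions for illustration, and the sample packets are constructed.

```python
from dataclasses import dataclass

SNMP_PORT = 161
HIGH_PORTS = range(1024, 65536)      # non-reserved ports a client may bind
ME, ROUTER, OTHER = "192.0.2.10", "192.0.2.1", "198.51.100.7"  # constructed

@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int

def stateless_allow(pkt, me=ME):
    """Rule from the reply: UDP from port 161 to any local high port."""
    return pkt.dst == me and pkt.sport == SNMP_PORT and pkt.dport in HIGH_PORTS

class StatefulFilter:
    """Tighter variant (assumption: the firewall can track UDP flows)."""
    def __init__(self, me=ME, ttl=30):
        self.me, self.ttl, self.flows = me, ttl, {}

    def outbound(self, pkt, now):
        # Remember each SNMP query so only its mirror-image reply is accepted.
        if pkt.src == self.me and pkt.dport == SNMP_PORT:
            self.flows[(pkt.dst, pkt.dport, pkt.sport)] = now + self.ttl

    def inbound_allow(self, pkt, now):
        expiry = self.flows.get((pkt.src, pkt.sport, pkt.dport))
        return pkt.dst == self.me and expiry is not None and now <= expiry

def demo():
    """Return {packet name: (stateless verdict, stateful verdict)}."""
    fw = StatefulFilter()
    # mrtg picks a fresh ephemeral source port (here 40123) for its query.
    fw.outbound(Udp(ME, 40123, ROUTER, SNMP_PORT), now=0)
    packets = {
        "reply": Udp(ROUTER, SNMP_PORT, ME, 40123),       # answer to the query
        "unsolicited": Udp(OTHER, SNMP_PORT, ME, 2049),   # no matching query
        "reserved": Udp(ROUTER, SNMP_PORT, ME, 111),      # port below 1024
    }
    return {name: (stateless_allow(p), fw.inbound_allow(p, now=1))
            for name, p in packets.items()}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:12} stateless={verdicts[0]} stateful={verdicts[1]}")
```

The "unsolicited" row is the cost of the source-port rule: any sender that uses source port 161 reaches every high UDP port, while the flow-tracking filter admits only the reply that mirrors a recorded query.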