Date: Thu, 7 Dec 2000 16:35:18 -0500 From: Pete Fritchman <petef@databits.net> To: "David G. Andersen" <dga@pobox.com> Cc: Brad Mace <root@battery.yi.org>, freebsd-security@FreeBSD.ORG Subject: Re: mrtg through firewall Message-ID: <20001207163518.A3794@databits.net> In-Reply-To: <200012070505.WAA03558@faith.cs.utah.edu>; from dga@pobox.com on Wed, Dec 06, 2000 at 10:05:07PM -0700 References: <Pine.BSF.4.10.10012062251320.47173-100000@battery.yi.org> <200012070505.WAA03558@faith.cs.utah.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
No, you don't. You can allow any UDP with the source port of snmp to talk to your mrtg box. -pete ++ 06/12/00 22:05 -0700 - David G. Andersen: >Not really. You're going to basically have to allow UDP from the snmp >port back to any of your high UDP ports, but you can at least limit it to >that. You'll still be able to block most of the reserved UDP ports. > >Similar problems exist with many DNS resolvers, so it likely won't be a >big change for your firewall rules. > > -Dave > >Lo and behold, Brad Mace once said: >> >> I've been trying to setup my firewall rules to allow mrtg to run. It >> seems to use different udp ports each time. Is there a way i can allow it >> without allowing all udp packets? >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message >> > > >-- >work: dga@lcs.mit.edu me: dga@pobox.com > MIT Laboratory for Computer Science http://www.angio.net/ > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message -- Pete Fritchman <petef@databits.net> Databits Network Services, Inc http://www.databits.net finger: petef@analog.databits.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001207163518.A3794>