Date: Thu, 7 Dec 2000 16:35:18 -0500
From: Pete Fritchman
To: "David G. Andersen"
Cc: Brad Mace, freebsd-security@FreeBSD.ORG
Subject: Re: mrtg through firewall
Message-ID: <20001207163518.A3794@databits.net>
In-Reply-To: <200012070505.WAA03558@faith.cs.utah.edu>; from dga@pobox.com on Wed, Dec 06, 2000 at 10:05:07PM -0700

No, you don't. You can allow any UDP with the source port of snmp to talk
to your mrtg box.

-pete

++ 06/12/00 22:05 -0700 - David G. Andersen:
>Not really. You're going to basically have to allow UDP from the snmp
>port back to any of your high UDP ports, but you can at least limit it to
>that. You'll still be able to block most of the reserved UDP ports.
>
>Similar problems exist with many DNS resolvers, so it likely won't be a
>big change for your firewall rules.
>
> -Dave
>
>Lo and behold, Brad Mace once said:
>>
>> I've been trying to set up my firewall rules to allow mrtg to run. It
>> seems to use different udp ports each time. Is there a way I can allow it
>> without allowing all udp packets?
>>
>
>--
>work: dga@lcs.mit.edu me: dga@pobox.com
> MIT Laboratory for Computer Science http://www.angio.net/

--
Pete Fritchman
Databits Network Services, Inc http://www.databits.net
finger: petef@analog.databits.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
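
The two rules suggested in this thread, compared in an added example that is not part of any poster's message: a small Python model that evaluates constructed inbound UDP packets against Dave's rule (source port snmp to any high port) and Pete's rule (source port snmp to the mrtg box only). It goes beyond the thread by also modelling a stateful filter that admits only replies to queries the mrtg box itself sent; all addresses, the high port numbers and every function name are assumptions.

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges); none come from the thread.
MRTG_BOX = "192.0.2.10"
ROUTER = "198.51.100.1"      # device polled by mrtg
OUTSIDER = "203.0.113.66"    # host that was never polled
SNMP = 161                   # well-known SNMP UDP port

Pkt = namedtuple("Pkt", "src sport dst dport")

def rule_any_high_port(p):
    """Dave's rule: UDP from source port snmp to any high port on any host."""
    return p.sport == SNMP and p.dport >= 1024

def rule_mrtg_box_only(p):
    """Pete's rule: UDP from source port snmp, destination limited to the mrtg box."""
    return p.sport == SNMP and p.dst == MRTG_BOX

class StatefulFilter:
    """Generalisation (assumption): admit only replies that mirror a sent query."""
    def __init__(self):
        self.flows = set()

    def outbound(self, p):
        # Record the reply tuple expected for each SNMP query the mrtg box sends.
        if p.src == MRTG_BOX and p.dport == SNMP:
            self.flows.add((p.dst, p.dport, p.src, p.sport))

    def inbound(self, p):
        return (p.src, p.sport, p.dst, p.dport) in self.flows

def evaluate():
    """Return {packet name: (any-high-port, mrtg-only, stateful)} verdicts."""
    query = Pkt(MRTG_BOX, 40123, ROUTER, SNMP)
    inbound = {
        "snmp_reply": Pkt(ROUTER, SNMP, MRTG_BOX, 40123),
        "unsolicited_to_mrtg": Pkt(OUTSIDER, SNMP, MRTG_BOX, 2049),
        "unsolicited_to_other_host": Pkt(OUTSIDER, SNMP, "192.0.2.20", 2049),
    }
    sf = StatefulFilter()
    sf.outbound(query)
    return {name: (rule_any_high_port(p), rule_mrtg_box_only(p), sf.inbound(p))
            for name, p in inbound.items()}

if __name__ == "__main__":
    for name, v in evaluate().items():
        print(f"{name:26s} any-high-port={v[0]} mrtg-only={v[1]} stateful={v[2]}")
```

Both stateless rules trust the source port alone, so the table shows what each one still lets through besides genuine SNMP replies.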