How to let the Firewall of RHEL7 the SNMP connection passing?
41,697
The correct way to do this is to add a profile for SNMP to firewalld. Using UDP 161 not TCP
vim /etc/firewalld/services/snmp.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SNMP</short>
<description>SNMP protocol</description>
<port protocol="udp" port="161"/>
</service>
Then you should reload your firewall
firewall-cmd --reload
Then you need to add the service to your public zone
firewall-cmd --zone=public --add-service snmp --permanent
Then finally reload your firewall again
firewall-cmd --reload
Related videos on Youtube
Author by
dubis
Updated on September 18, 2022Comments
-
dubis over 1 year
How to let the Firewall of RHEL7 the SNMP connection passing?
When I did this command on the computer:
systemctl stop firewalld
All the SNMP packet are passing well. When I restarted firewalld all the packet arre blocked. I tried several connfigruation with the firewall running of course, like:
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT
or
firewall-cmd --zone=public --add-port=161/tcp --permanent
I've not get any error message but the SNMP still in TIMEOUT.
-
dubis almost 9 yearsThe command
firewall-cmd --zone=public --add-service SNMP --permanent
givesError: INVALID_SERVICE: SNMP
-
squareborg almost 9 yearsdid you reload your firewall after adding the snmp.xml ?
-
squareborg almost 9 yearsSorry try snmp not SNMP, updated answer, copy paste fail.
-
dubis almost 9 yearsI restarted the procedure from the beguining and it's working thanks a lot
-
Grim76 almost 9 yearsAre you also blocking outbound traffic on udp 161? Keep in mind that UDP traffic is stateless and you have to have a specific rule for it.