8

How to let SNMP connections pass through the firewall on RHEL7?

When I ran this command on the computer:

systemctl stop firewalld

All the SNMP packets pass fine. When I restarted firewalld, all the packets are blocked. I tried several configurations, with the firewall running of course, like:

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT

or

firewall-cmd --zone=public --add-port=161/tcp --permanent

I have not gotten any error message, but SNMP is still in TIMEOUT.

Jeff Schaller
dubis

2 Answers

16

The correct way to do this is to add a profile for SNMP to firewalld, using UDP 161, not TCP.

vim /etc/firewalld/services/snmp.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="udp" port="161"/>
</service>

Then you should reload your firewall

firewall-cmd --reload

Then you need to add the service to your public zone

firewall-cmd --zone=public --add-service snmp --permanent

Then finally reload your firewall again

firewall-cmd --reload

squareborg
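
A check for the two failure modes in this thread (161 opened as TCP instead of UDP, and a `--permanent` change that was never reloaded into the running firewall), as an added example that is not part of the original answer. The function names and the sample `--list-all` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify why SNMP is blocked, from the text printed by
#   firewall-cmd --zone=public --list-all               (runtime)
#   firewall-cmd --permanent --zone=public --list-all   (permanent)

# opens WHAT TEXT: succeeds if TEXT lists WHAT on its "ports:" or "services:" line
opens() {
    printf '%s\n' "$2" | awk -v want="$1" '
        $1 == "ports:" || $1 == "services:" {
            for (i = 2; i <= NF; i++) if ($i == want) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Assumption: a service named "snmp" is the 161/udp definition from the answer.
allows_snmp() { opens 161/udp "$1" || opens snmp "$1"; }

# diagnose RUNTIME PERMANENT: prints one verdict
diagnose() {
    if allows_snmp "$1" && allows_snmp "$2"; then
        echo "ok"
    elif allows_snmp "$1"; then
        echo "runtime-only: add --permanent or the rule is lost on reload"
    elif allows_snmp "$2"; then
        echo "permanent-only: run firewall-cmd --reload"
    elif opens 161/tcp "$1" || opens 161/tcp "$2"; then
        echo "wrong-protocol: 161/tcp is open, SNMP needs 161/udp"
    else
        echo "closed: nothing opens 161/udp"
    fi
}

# Constructed sample output (not captured from a real host).
# State after the question's --add-port=161/tcp --permanent, never reloaded:
RUNTIME_Q='public (default, active)
  services: dhcpv6-client ssh
  ports:'
PERMANENT_Q='public (default)
  services: dhcpv6-client ssh
  ports: 161/tcp'
# Permanent state after --add-service snmp --permanent, before the final reload:
PERMANENT_A='public (default)
  services: dhcpv6-client snmp ssh
  ports: 161/tcp'

diagnose "$RUNTIME_Q" "$PERMANENT_Q"
diagnose "$RUNTIME_Q" "$PERMANENT_A"
```

On a live host, pass the real output instead of the samples: `diagnose "$(firewall-cmd --zone=public --list-all)" "$(firewall-cmd --permanent --zone=public --list-all)"`.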
0

SNMP is UDP, not TCP. Change your protocol in your rule and it should work.

Grim76
  • I used this command, changing tcp to udp, but the port is still closed: `snmpwalk -v2c -c public computer system` ===> `Timeout: No Response from computer` – dubis Jul 07 '15 at 14:34
  • Are you also blocking outbound traffic on udp 161? Keep in mind that UDP traffic is stateless and you have to have a specific rule for it. – Grim76 Jul 07 '15 at 17:49