On Wed, Mar 10, 2021 at 02:03:05PM -0000, Keith Clay wrote:
> In our public zone we've opened ports 161/162 for snmp traffic. We do
> an snmpwalk but even with the ports open we still have to open ports
> 1024-65535 in order for it to work. Is there a way to open 161/162
> without opening the entire non-privileged port range for it to work?
>
> Thanks

The built-in `snmp` service does not have the snmp conntrack helper
enabled. Try adding it:

    # firewall-cmd --permanent --service snmp --add-helper snmp
    # firewall-cmd --reload
    # firewall-cmd --zone <zone> --add-service snmp

I'm mostly guessing. I'm not sure if the kernel conntrack helper will
handle the scenario you describe.

Eric.