If I want to restrict SNMP access to a list of networks in snmpd.conf, can I do something like:

rocommunity secret 10.0.0.0/24, 172.10.0.0/16

(Just so nobody chastises me - "secret" is an example - I know one should never use that for an actual secret)

Most of the examples I've seen only list a single network after the secret. I have also seen:

rocommunity secret 10.0.0.0/24
rocommunity secret 172.10.0.0/16

but I have a lot of networks to list, so putting them all in a single comma-separated list would be preferable.

Note, the goal here is the most simple configuration possible.

Wade Williams
  • Only because you brought it up... The community string in SNMP v1 and v2 isn't secured, the whole protocol isn't secure. So anyone can see anything running across the network. There's no great reason to pick a really secure string. SNMP v3 is a different story completely, with good security, but it also uses usernames and passwords, not community strings. – Chris S Nov 18 '15 at 19:37

1 Answer

Actually if you have multiple networks, it may be preferable to list them one per line, especially if snmpd.conf is not maintained / produced by some other provisioning tool. It is way more likely that you make a mistake editing a line full of numbers in order to change or remove a network, than doing it for a single line.

That being said, from the snmpd.conf documentation it seems that you cannot have a comma-separated list of networks.

adamo
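
As an added example (not part of the answer above and not Net-SNMP code): a small Python helper that validates a list of networks and emits one rocommunity line per network, as the answer recommends, and that flags comma-separated source lists in existing configuration text. The function names, the refusal of a /0 source and the sample text are assumptions made for illustration; "secret" and the two networks come from the question.

```python
import ipaddress

# Constructed sample text for the lint check, not a real configuration.
SAMPLE_CONF = """\
# monitoring access
rocommunity secret 10.0.0.0/24, 172.10.0.0/16
rocommunity secret 10.0.0.0/24
"""

def expand_rocommunity(community, networks):
    """Return one 'rocommunity COMMUNITY SOURCE' line per validated IPv4 network."""
    seen, lines = set(), []
    for raw in networks:
        # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24,
        # which usually means a typo in the address or the prefix length.
        net = ipaddress.IPv4Network(raw.strip(), strict=True)
        if net.prefixlen == 0:
            # Assumption of this example: never generate an allow-all source.
            raise ValueError(f"{raw!r} would allow every source address")
        if net not in seen:  # drop duplicates, keep input order
            seen.add(net)
            lines.append(f"rocommunity {community} {net}")
    return lines

def lint_sources(conf_text):
    """Return (line number, message) for community lines that use a comma list."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] not in ("rocommunity", "rwcommunity"):
            continue
        # Everything after the community string: SOURCE and optional OID/view.
        if any("," in field for field in fields[2:]):
            findings.append((lineno, "comma-separated SOURCE; use one line per network"))
    return findings

if __name__ == "__main__":
    for problem in lint_sources(SAMPLE_CONF):
        print("line %d: %s" % problem)
    print("\n".join(expand_rocommunity("secret", ["10.0.0.0/24", "172.10.0.0/16"])))
```

Keeping the network list in one place and generating the lines addresses the editing-mistake concern raised in the answer while staying within the one-source-per-line form.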