Old 11-11-2017, 02:36 PM   #16
Registered: Oct 2012
Location: Romania
Distribution: Slackware
Posts: 114

Original Poster
Rep: Reputation: Disabled

I've investigated a bit further and discovered more:

My /etc/hosts.deny (not installation default, but intended for better security) :
ALL:            ALL
My /etc/hosts.allow (not installation default, but somewhat tweaked for better security) :
ALL:            LOCAL

snmpd:          LOCAL
The other daemons don't count in this scope.

Now according to man 5 hosts_access :
LOCAL Matches any host whose name does not contain a dot character.
# For loopbacking.               localhost

# Local network                 hostname.domainname         hostname
Apparently snmpd knows and uses tcpwrappers library, but does not support its full syntax:
# tcpdmatch snmpd localhost
warning: snmpd: no such process name in /etc/inetd.conf
client:   hostname localhost
client:   address
server:   process  snmpd
matched:  /etc/hosts.allow line 17
access:   granted
Yet it was not sufficient to allow connections from localhost (

Apparently snmpd recognizes "ALL", IP addresses, IP_network/NETMASK pairs.
It does not recognize hostnames (that need to be solved).
It does not recognize "LOCAL".

It also does work if the directive "ALL" for all daemons allows access according to the above limitations.
1 members found this post helpful.
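
The findings in post #16, turned into a check (an added example, not part of the original post and not net-snmp code): it reads a hosts.allow-style file on stdin and prints, as line:pattern, every client pattern on an snmpd or ALL daemon line that is outside the forms the poster found snmpd to accept. The accepted set (ALL, IPv4 address, network/netmask pair) is taken from the post as an assumption; the function names and sample entries are constructed, and IPv6 patterns and continuation lines are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): list client patterns on snmpd or ALL
# daemon lines that fall outside the forms the poster found snmpd to honor:
# "ALL", IPv4 addresses, network/netmask pairs. That set is an assumption
# taken from the post, not from net-snmp documentation.
# Not handled: IPv6 patterns in brackets, backslash continuation lines.

check_snmpd_patterns() {        # reads a hosts.allow-style file on stdin
    awk '
    /^[ \t]*#/ { next }         # skip comment lines
    /^[ \t]*$/ { next }         # skip blank lines
    {
        n = split($0, field, ":")           # daemon_list : client_list [: command]
        if (n < 2) next
        applies = 0
        m = split(field[1], daemon, /[ \t,]+/)
        for (i = 1; i <= m; i++)
            if (daemon[i] == "snmpd" || daemon[i] == "ALL") applies = 1
        if (!applies) next
        c = split(field[2], client, /[ \t,]+/)
        for (i = 1; i <= c; i++) {
            p = client[i]
            if (p == "" || p == "ALL") continue
            if (p ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)?$/) continue
            printf "%d:%s\n", NR, p         # line number and the unsupported pattern
        }
    }'
}

sample_hosts_allow() {          # constructed sample modelled on the post
    cat <<'EOF'
# constructed sample
ALL:            LOCAL

snmpd:          LOCAL
snmpd:          192.0.2.10, 192.0.2.0/255.255.255.0
sshd:           admin.example.org
snmpd:          monitor.example.org
EOF
}

sample_hosts_allow | check_snmpd_patterns
```

On a real system the call would be `check_snmpd_patterns < /etc/hosts.allow`; an empty result means every pattern that applies to snmpd is in one of the three forms.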
Old 11-11-2017, 05:51 PM   #17
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 702

Rep: Reputation: 389
While a little off-topic as it's not snmpd related anymore but basic networking configuration, I guess it should work even if you leave both the /etc/hosts.allow & /etc/hosts.deny empty, like they come by default and only define localhost in /etc/hosts (which I think also comes by default).

To make things a little simpler I'd suggest to filter your network only in one place through the kernel netfilter (iptables), which needless to say gives you more advanced control. Although the rc.firewall comes empty and disabled by default, its call position in rc.inet2 is appropriate to cover also the inetd services. My approach with netfilter is to cut everything first and gradually enable solely the traffic I really need. On the technical part it's maybe the most difficult way, because you clearly need to know a lot about the TCP/IP protocol and the requirements of the particular services you'd like to enable/offer, but on the safety side (especially now when everyone is scanning and attacking automatically through armies of bots) and filter system resources usage optimization (CPU cycles for matching rules) is the best.

Here I tried to help a fellow Slacker (hope I didn't scare him) with a basic such restrictive firewall (copy paste from my advanced firewall sample):
Old 11-13-2017, 03:38 AM   #18
Registered: Oct 2012
Location: Romania
Distribution: Slackware
Posts: 114

Original Poster
Rep: Reputation: Disabled
@abga: thank you for your observations.

I have detailed my findings further (without going offtopic) on the basis that I have discovered that snmpd, though it uses tcpwrappers library, apparently does not support all configuration directives (from man 5 hosts_access).



All times are GMT -5. The time now is 06:36 PM.
