Black Box LES1216A-R2 Manuale Utente
system.
-
Rules are added which explicitly allow network traffic to access enabled services, for example, TTP,
SNMP, etc.
-
Rules are added that explicitly allow traffic network traffic access to serial ports over enabled
protocols e.g. Telnet, SSH and raw TCP.
If the standard system firewall configuration is not adequate for your needs you can bypass it safely by
creating a file at /etc/config/filter-custom containing commands to build a specialized firewall. This
firewall script will run whenever the LAN interface is brought up (including initially) and will override any
automated system firewall settings.
Below is a simple example of a custom script that creates a firewall using the iptables command. Only
Below is a simple example of a custom script that creates a firewall using the iptables command. Only
incoming connections from computers on a C-class network 192.168.10.0 will be accepted when this
script is installed at /etc/config/filter-custom. Note that when this script is called, any preexisting chains
and rules have been flushed from iptables:
#/bin/sh
# Set default policies to drop any incoming or routable traffic
# and blindly accept anything from the 192.168.10.0 network.
iptables –-policy FORWARD DROP
iptables –-policy INPUT DROP
iptables –-policy OUTPUT ACCEPT
# Allow responses to outbound connections back in.
iptables –-append INPUT \
–-match state –-state ESTABLISHED,RELATED –-jump ACCEPT
# Explicitly accept any connections from computers on
# 192.168.10.0/24
iptables –-append INPUT –-source 192.168.10.0/24 –-jump ACCEPT
There’s good documentation about using the iptables command at the Linux netfilter website
http://netfilter.org/documentation/index.html. There are also many high-quality tutorials and HOWTOs
available via the netfilter website, in particular peruse the tutorials listed on the netfilter HOWTO page.
15.5 Modifying SNMP Configuration
15.5.1 /etc/config/snmpd.conf
The net-snmpd is an extensible SNMP agent which
The net-snmpd is an extensible SNMP agent which
responds to SNMP queries for management
information from SNMP management software. Upon receiving a request, it processes the request(s),
collects the requested information and/or performs the requested operation(s) and returns the
information to the sender.
This includes built-in support for a wide range of MIB information modules, and can be extended using
This includes built-in support for a wide range of MIB information modules, and can be extended using
dynamically loaded modules, external scripts and commands.
snmpd when enabled should run with a
default configuration. You can customize its behavior via the options in /etc/config/snmpd.conf.
To change standard system information such as system contact, name, and location, edit
/etc/config/snmpd.conf file and locate the following lines:
sysdescr
"Black Box"
syscontact
root <root@localhost>(configure /etc/default/snmpd.conf)
_____________________________________________________________________
724-746-5500 | blackbox.com
Page 249