
#-----------------------------------------------------------------------
# DESCRIPTION
#-----------------------------------------------------------------------
#
# This module allows/denies access from SNMP managers. Normally this
# module would only be enabled on PRIVATE interfaces, as probes to a
# firewall from an SNMP manager are usually malicious.
#
# After installing the module, the user should execute rc.firewall with
# the --update-config parameter. The necessary options will be added to
# the configuration file.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-04-21  Dougal Holmes <dholmes@bigpond.net.au>
#             Revised to use Hostports function.
# 2001-04-19  Dougal Holmes <dholmes@bigpond.net.au>
#             Initial module developed from 530-snmp-servers
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept ignore deny
#i# 
#n# snmp
#t# clients
#
#   |--------------------------------------------------------------------|
#d# snmp (Port 161 UDP)
#d# Use to grant or deny access from a snmp manager. Use with care
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------
#
#-----------------------------------------------------------------------

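# Per-module settings consumed by the loop below; all of them are unset
# again at the end so they do not leak into the next sourced module.
module_name="snmp"          # module name used in options
module_type="clients"       # the module type (clients, servers, etc.)
service_name="SNMP"         # displayed on-screen
service_port="161"          # port number for this service (UDP, per the #d# header)

# For each configured action, look up the hosts listed for this module
# and hand each one to Hostports as a UDP rule on the SNMP port.
# NOTE(review): the ignore/deny/accept order presumably ensures that the
# restrictive rules are processed before the permissive ones -- confirm
# against how Hostports inserts rules.
for action in ignore deny accept
do
	# The command substitution is deliberately unquoted so its output is
	# word-split into one host entry per iteration. $INTOPT is defined by
	# the caller and is left unquoted exactly as before.
	for host in $(Option_Value "$action" $INTOPT "$module_name" "$module_type")
	do
		# No ';;' terminator here: it is only valid inside a case statement,
		# and in a for loop it is a syntax error that stops the module from
		# being parsed, so none of the SNMP rules would be applied.
		Hostports "$action" local udp "$service_name" "$host" "$service_port"
	done
done

unset module_name module_type service_name service_port action host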
