IPTables for security SNMP

By default SNMP uses port 161 and TRAP⁄ INFORM uses port 162 for communication, you do not want to give access to everyone to your snmp server for security reasons. SNMP server uses UDP port # 161 and 162 for communication. Use Linux IPTABLES firewall command to restrict access to your SNMP server.

Allow outgoing SNMP server request from your Linux computer. This is useful when you query remote host/router (replace SERVER IO with your real IP):

SERVER="xxx.xxx.xxx.xxx"
iptables -A OUTPUT -p udp -s $SERVER --sport 1024:65535 -d 0/0 --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --sport 161:162 -d $SERVER --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Allow incoming SNMP client request via iptables. This is useful when you wish to accept queries for rest of the world (replace SERVER IP with your real IP):

SERVER="xxx.xxx.xxx.xxx"
iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER --dport 161:162 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -s $SERVER --sport 161:162 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT