> My understanding is snmpd is using tcpwrap lib. So, if we can use
> hosts.allow/hosts.deny to control the access.
Yes - that's correct.
[ snip analysis ]
> A) Is there something wrong?
> B) How can I control access by using hosts.allow/hosts.deny?
I think that basically you're doing the right thing.
Looking at the code, the main problem seems to be that the
libwrap rules are basically intended for IP-based transports
only, but are actually being applied regardless.
I've just applied a patch to the main development code which should
help with this situation (appended). Try that and see if it helps.
> C) The relationship between master agent and subagent effected by
> hosts.allow/hosts.deny setting?
Yes.
> Seems yes, how can I make tcpwrap not
> affect subagents? Subagents are behind master agent anyway.
It's probably reasonable that tcpwrap is applied to TCP-based
subagent connections. You don't really want an arbitrary subagent
connecting from somewhere else, and injecting bogus information.
But it's not sensible for local AgentX connections, using the
"callback" transport, which seems to be what's causing your problems.
Dave
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Net-snmp-coders mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
