Simple Network Management Protocol (SNMP) is used for monitoring devices like routers, switches, servers, etc., over IP networks. By default, firewalls block incoming connections unless explicitly allowed. Here’s how you can allow SNMP traffic through the firewall in CentOS 7.
Step-by-step Guide:
- Check Current Firewall Status: Verify that the firewall service (firewalld) is running using the following command:
sudo systemctl status firewalld
If it’s not active, start and enable it with these commands:
sudo systemctl start firewalld
sudo systemctl enable firewalld
- Open Required SNMP Ports: The standard SNMP ports are UDP port 161 for requests and UDP port 162 for traps. You need to add them to the firewall configuration. Add the required ports manually:
sudo firewall-cmd --permanent --add-port=161/udp
sudo firewall-cmd --permanent --add-port=162/udp
Alternatively, you can use the predefined SNMP service definitions provided by firewalld:
sudo firewall-cmd --permanent --add-service=snmp
sudo firewall-cmd --permanent --add-service=snmptrap
- Reload Firewall Configuration: After making changes, reload the firewall rules so they take effect immediately:
sudo firewall-cmd --reload
- Verify Changes: Check whether the new rules have been applied successfully:
sudo firewall-cmd --list-all
You should see both SNMP-related ports/services listed under the active zone.
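As an added example (not part of the original guide), this shell function reads text in the format printed by firewall-cmd --list-all and reports whether SNMP requests and traps are allowed by the zone's services and ports. The function name and both sample listings are constructed for illustration, and the port-range handling goes beyond the single ports used above.

```shell
#!/bin/sh
# Added example: decide from `firewall-cmd --list-all` text whether SNMP is allowed.
# Usage: snmp_rule_status LISTING query|trap   -> prints "allowed" or "blocked"
# Only the zone's "services:" and "ports:" lines are evaluated; rich rules are not.
snmp_rule_status() {
    case $2 in
        query) svc=snmp;     port=161 ;;   # UDP 161: requests
        trap)  svc=snmptrap; port=162 ;;   # UDP 162: traps
        *) echo "usage: snmp_rule_status LISTING query|trap" >&2; return 2 ;;
    esac
    printf '%s\n' "$1" | awk -v svc="$svc" -v port="$port" '
        $1 == "services:" {
            for (i = 2; i <= NF; i++) if ($i == svc) found = 1
        }
        $1 == "ports:" {                       # entries look like 161/udp or 160-162/udp
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/")
                if (pp[2] != "udp") continue   # a tcp rule does not admit SNMP over UDP
                n = split(pp[1], r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { print (found ? "allowed" : "blocked") }'
}

# Constructed sample: only the snmp service was added; source-ports is not a port rule.
SAMPLE_SERVICE_ONLY='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh snmp
  ports:
  source-ports: 162/udp
  rich rules:'

# Constructed sample: ports opened manually, but 161 was opened for tcp only.
SAMPLE_PORTS='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 161/tcp 162/udp
  source-ports:
  rich rules:'

for kind in query trap; do
    echo "service-only listing, $kind: $(snmp_rule_status "$SAMPLE_SERVICE_ONLY" "$kind")"
    echo "manual-ports listing, $kind: $(snmp_rule_status "$SAMPLE_PORTS" "$kind")"
done
```

On a real host, pass it the live listing, for example snmp_rule_status "$(sudo firewall-cmd --list-all)" trap.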
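Alternatively, define the SNMP service in a custom XML file:
sudo nano /etc/firewalld/services/snmp.xml
Add the following content to the file:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="udp" port="161"/>
  <port protocol="tcp" port="161"/>
</service>
This definition opens port 161 over both UDP and TCP; it does not cover UDP port 162 for traps. A file in /etc/firewalld/services takes precedence over the predefined service of the same name, and firewalld reads it on the next reload.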
By following these steps, you’ll ensure that SNMP queries and trap notifications from managed devices reach your CentOS 7 host without being blocked by the firewall.