diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-01-19 08:06:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-19 08:06:54 +0100 |
| commit | 56074c22eb7420bdaa12b41e42b61ef1d9583cd3 (patch) | |
| tree | ea788f5e51533996e0b9eca4730719ddcb40e507 /data/templates/snmp/etc.snmpd.conf.j2 | |
| parent | 1f34027a1cb85c289da0f3b2b74263a80118bee7 (diff) | |
| parent | 67fa5f55ac79838768b4b0a5f6d2c4b3b4c8e762 (diff) | |
| download | vyos-1x-56074c22eb7420bdaa12b41e42b61ef1d9583cd3.tar.gz vyos-1x-56074c22eb7420bdaa12b41e42b61ef1d9583cd3.zip | |
Merge pull request #1697 from nicolas-fort/snmp_rework
T4857: SNMP: Implement FRR SNMP Recomendations
Diffstat (limited to 'data/templates/snmp/etc.snmpd.conf.j2')
| -rw-r--r-- | data/templates/snmp/etc.snmpd.conf.j2 | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2 index a9bbf68ce..793facc3f 100644 --- a/data/templates/snmp/etc.snmpd.conf.j2 +++ b/data/templates/snmp/etc.snmpd.conf.j2 @@ -62,28 +62,47 @@ agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vy {% if comm_config.client is vyos_defined %} {% for client in comm_config.client %} {% if client | is_ipv4 %} -{{ comm_config.authorization }}community {{ comm }} {{ client }} +{{ comm_config.authorization }}community {{ comm }} {{ client }} -V RESTRICTED {% elif client | is_ipv6 %} -{{ comm_config.authorization }}community6 {{ comm }} {{ client }} +{{ comm_config.authorization }}community6 {{ comm }} {{ client }} -V RESTRICTED {% endif %} {% endfor %} {% endif %} {% if comm_config.network is vyos_defined %} {% for network in comm_config.network %} {% if network | is_ipv4 %} -{{ comm_config.authorization }}community {{ comm }} {{ network }} +{{ comm_config.authorization }}community {{ comm }} {{ network }} -V RESTRICTED {% elif network | is_ipv6 %} -{{ comm_config.authorization }}community6 {{ comm }} {{ network }} +{{ comm_config.authorization }}community6 {{ comm }} {{ network }} -V RESTRICTED {% endif %} {% endfor %} {% endif %} {% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %} -{{ comm_config.authorization }}community {{ comm }} -{{ comm_config.authorization }}community6 {{ comm }} +{{ comm_config.authorization }}community {{ comm }} -V RESTRICTED +{{ comm_config.authorization }}community6 {{ comm }} -V RESTRICTED {% endif %} {% endfor %} {% endif %} +# Default RESTRICTED view +view RESTRICTED included .1 80 +{% if 'ip-route-table' not in oid_enable %} +# ipRouteTable oid: excluded +view RESTRICTED excluded .1.3.6.1.2.1.4.21 +{% endif %} +{% if 'ip-net-to-media-table' not in oid_enable %} +# ipNetToMediaTable oid: excluded +view RESTRICTED excluded .1.3.6.1.2.1.4.22 +{% endif %} +{% if 'ip-net-to-physical-phys-address' not in oid_enable %} +# ipNetToPhysicalPhysAddress oid: excluded +view RESTRICTED excluded .1.3.6.1.2.1.4.35 +{% endif %} +{% if 'ip-forward' not in oid_enable %} +# ipForward oid: excluded +view RESTRICTED excluded .1.3.6.1.2.1.4.24 +{% endif %} + {% if contact is vyos_defined %} # system contact information SysContact {{ contact }} |