If I want to restrict SNMP access to a list of networks in snmpd.conf, can I do something like:
rocommunity secret 10.0.0.0/24, 172.10.0.0/16
(Just so nobody chastises me – "secret" is an example – I know one should never use that for an actual secret)
Most of the examples I've seen only list a single network after the secret. I have also seen:
rocommunity secret 10.0.0.0/24
rocommunity secret 172.10.0.0/16
but I have a lot of networks to list, so putting them all in a single comma-separated list would be preferable.
Note, the goal here is the most simple configuration possible.
Best Answer
Actually if you have multiple networks, it may be preferable to list them one per line, especially if
snmpd.confis not maintained / produced by some other provisioning tool. It is way more likely that you make a mistake editing a line full of numbers in order to change or remove a network, than doing it for a single line.That being said, from the snmpd.conf documentation it seems that you cannot have a comma separated list of networks.