Tripp Lite B0930042E4U Owners Manual for B093- B097- and B098-Series Console S - Page 247

15. Advanced Configuration 15.4 IP Filtering The console server uses the iptables utility to provide a stateful firewall of LAN traffic. By default, rules are automatically inserted to allow access to enabled services and serial port access via enabled protocols. The commands that add these rules are contained in configuration files: /etc/config/fw.rules This is an executable shell script that runs whenever the LAN interface is brought up. Modifications are made to the iptables configuration because of CGI actions or the config command line tool. The basic steps are as follows: • Running iptables configuration is erased; per-interface and other standard system chains are installed. • Fall through Block rules (default deny) are installed. • Serial & Network: Services policies are installed in per-interface chains. • Custom Serial & Network: Firewall rules are inserted at the top of the rule sets, taking priority over any other configuration. If you require further firewall customization, extra rules can be persisted by creating a file at /etc/config/scripts/firewall-post containing iptables commands to amend the firewall policy. Documentation about using the iptables command can be found at the Linux netfilter website http://netfilter.org/ documentation/index.html. Many tutorials are also available at the netfilter website, in particular, the tutorials listed on the netfilter how-to page. 15.5 SNMP Status Reporting All console servers contain an SNMP Service (snmpd) which provides on-demand status information. snmpd is an SNMP agent that binds to a port and awaits requests from SNMP management software. Upon receiving a request, it processes the request(s), collects the requested information and/or performs the requested operation(s) and returns the information to the sender. Note: Initially, only advanced console server models were equipped with an SNMP Service. With firmware version 3.0 (and later), this support was extended to all console servers. Also, the MIBS were extended (and renamed for compliance) with this firmware release. All console servers can also be configured to send SNMP traps/messages to multiple remote SNMP Network Managers on defined trigger events. Refer to 7. Alerts, Auto-Response and Logging for configuration details 15.5.1 Retrieving Status Information using SNMP Console servers can provide serial and device status information via SNMP. This includes: • Serial port status • Active users • Remote Power Control (RPC) and Power Distribution Unit (PDU) status • Environmental Monitoring Device (EMD) status • Signal alert status • Environmental alert status • UPS alert status The MIBs in your console server are located in /etc/snmp/mibs. TL-STATUS-MIB.mib - This new MIB contains serial and connected device status information (for snmpstatusd & snmpalertd). TL-STATUSv2-MIB.mib - This new MIB contains extended status and alert. TL-SMI-MIB.mib - Enterprise structure of management information. TLTRAP-MIB.mib - SMIv1 traps from old MIBS (as smilint will not let SMIv1 structures coexist with SMIv2). 247