How to let the firewall of RHEL7 pass SNMP connections?

When I did this command on the computer:

systemctl stop firewalld

All the SNMP packets are passing well. When I restarted firewalld, all the packets are blocked.
I tried several configurations with the firewall running, of course, like:

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT

or

firewall-cmd --zone=public --add-port=161/tcp --permanent

I've not got any error message, but the SNMP still times out.

Asked By: dubis


SNMP is UDP, not TCP. Change the protocol in your rule and it should work.

Answered By: Grim76

The correct way to do this is to add a profile for SNMP to firewalld, using UDP 161, not TCP.

vim /etc/firewalld/services/snmp.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="udp" port="161"/>
</service>

Then you should reload your firewall

firewall-cmd --reload

Then you need to add the service to your public zone

firewall-cmd --zone=public --add-service snmp --permanent

Then finally reload your firewall again

firewall-cmd --reload

Answered By: squareborg

You need to open the 161/udp port (instead of tcp):

firewall-cmd --zone=public --add-port=161/udp --permanent
firewall-cmd --reload

Or use these commands to create a new SNMP service (adapted from Documentation – HowTo – Add a Service | firewalld):

firewall-cmd --permanent --new-service=snmp
firewall-cmd --permanent --service=snmp --set-description="SNMP protocol"
firewall-cmd --permanent --service=snmp --set-short=SNMP
firewall-cmd --permanent --service=snmp --add-port=161/udp
firewall-cmd --permanent --service=snmp --add-protocol=udp

and then use your brand new SNMP service:

firewall-cmd --zone=public --add-service snmp --permanent
firewall-cmd --reload
Answered By: SebMa
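As an added example (not part of any answer above), a small POSIX sh check that tells apart the three states the thread describes: only 161/tcp opened (the asker's situation), 161/udp opened through a port rule or through an snmp service whose XML carries protocol="udp", or nothing opened for 161. The port list, service list and service XML are constructed samples standing in for what `firewall-cmd --zone=public --list-ports`, `--list-services` and /etc/firewalld/services/snmp.xml would give on a real host.

```shell
#!/bin/sh
# Constructed sample output resembling the asker's host: 161/tcp was opened, 161/udp was not.
SAMPLE_PORTS="161/tcp 8080/tcp"
SAMPLE_SERVICES="ssh dhcpv6-client"

# Constructed snmp.xml matching the service definition given in the thread.
SAMPLE_SERVICE_XML='<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="udp" port="161"/>
</service>'

# Print the protocol(s) a firewalld service XML opens for one port.
#   $1 = XML text, $2 = port number
service_xml_protocols() {
    printf '%s\n' "$1" | sed -n "s/.*<port protocol=\"\([a-z]*\)\" port=\"$2\"\/>.*/\1/p"
}

# snmp_check PORTS SERVICES SERVICE_XML prints one of:
#   udp-open  : 161/udp reachable (port rule, or snmp service with a udp port)
#   tcp-only  : only 161/tcp is open, so SNMP agents still time out
#   closed    : nothing is open for port 161
snmp_check() {
    ports=$1; services=$2; xml=$3
    has_udp=0; has_tcp=0
    for p in $ports; do
        case $p in
            161/udp) has_udp=1 ;;
            161/tcp) has_tcp=1 ;;
        esac
    done
    for s in $services; do
        if [ "$s" = snmp ]; then
            # The service only helps if its XML actually opens 161 over udp.
            for proto in $(service_xml_protocols "$xml" 161); do
                [ "$proto" = udp ] && has_udp=1
                [ "$proto" = tcp ] && has_tcp=1
            done
        fi
    done
    if [ "$has_udp" -eq 1 ]; then echo udp-open
    elif [ "$has_tcp" -eq 1 ]; then echo tcp-only
    else echo closed
    fi
}

snmp_check "$SAMPLE_PORTS" "$SAMPLE_SERVICES" "$SAMPLE_SERVICE_XML"
```

On a live RHEL7 host, feed it the real `firewall-cmd --zone=public --list-ports` and `--list-services` output together with the contents of the snmp.xml file; a `tcp-only` result is the misconfiguration the question describes.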