I've figured this out. The way to do it does not involve filters at all, and for anyone that's wondering (or anyone that hasnt done the following) here are the steps I took: delete tftp client 0.0.0.0 add tftp client 10.0.1.1 add tftp client 192.168.1.1 < you can only specify individual hosts here, not subnets > add snmp community_pool admin address 10.0.1.1 add snmp community_pool admin address 192.168.1.1 < ditto here > add snmp community readonlycommunity access RO community_pool admin validate_address use_pool address 0.0.0.0 add snmp community readwritecommunity access RW community_pool admin validate_address use_pool address 0.0.0.0 add telnet client 10.0.1.0/24 add telnet client 192.168.1.0/24 enable telnet client_access Easy when you know how. Cheers Luke

-----Original Message----- From: Luke Dudney Sent: Thursday, 18 April 2002 10:10 AM To: usr-tc@mailman.xmission.com Subject: [USR-TC] Filtering telnet / tftp / snmp traffic to the hiperarc

Hi I've been through the list archives but haven't found anything very relevant.

I have a Hiperarc, say 10.0.0.1. Our administrative networks are 10.0.1.0/24 and 192.168.1.0/24

I want to reject telnet, tftp and snmp access to the hiperarc from any address not in the admin networks. I want to permit all other traffic through the hiperarc.

I am assuming this will be done with filters but I've spent the better part of a day trying to nut out a filter for this but I'm just banging me head into a brick wall.

Thanks Luke

_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc