net-snmp: firewall rule hardcodes UDP port 161 regardless of agentaddress #28008

@librick

Package Name

net-snmp

Maintainer

@stintel

OpenWrt Version

21.02-SNAPSHOT

OpenWrt Target/Subtarget

Redacted for privacy

Steps to Reproduce

Ensure snmpd is installed:

opkg update
opkg install snmpd

Configure snmpd to listen on a non-standard port and add a network to trigger firewall rule creation:

uci set snmpd.@agent[0].agentaddress='UDP:5000'
uci add_list snmpd.general.network='lan'
uci commit snmpd
/etc/init.d/snmpd restart

Verify snmpd is listening on UDP port 5000:

netstat -uln | grep 5000

Check the firewall rules created by snmpd:

fw3 print 2>/dev/null | grep snmpd

Expected Behaviour

Firewall rule opens UDP port 5000.

Actual Behaviour

Firewall rule opens UDP port 161 instead of the configured UDP port 5000:

root@OpenWrt:~# netstat -uln | grep 5000
udp        0      0 0.0.0.0:5000            0.0.0.0:*

root@OpenWrt:~# fw3 print 2>/dev/null | grep snmpd
iptables -t filter -A zone_lan_input -p udp -m udp --dport 161 -m comment --comment "!fw3: ubus:snmpd[instance1] rule 0" -j ACCEPT

snmpd listens on UDP port 5000, but the firewall only allows traffic on UDP port 161. Remote SNMP queries to UDP port 5000 are dropped.

Relevant Code

snmpd_setup_fw_rules() {

Port 161 and UDP are hardcoded in snmpd_setup_fw_rules:

json_add_string proto udp
json_add_string dest_port 161
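
An added example, not part of the issue or of the net-snmp package: one way a rule generator could derive the protocol and port from the configured agentaddress instead of assuming UDP 161. The helper name `agentaddress_to_rules` is hypothetical, the sample values are constructed, and only udp/tcp transport prefixes and bare address or port forms are mapped; other transports are reported on stderr and skipped.

```shell
#!/bin/sh
# Added example (not from the net-snmp package): turn an snmpd agentaddress
# value into "proto port" pairs. agentaddress_to_rules is a hypothetical name.
agentaddress_to_rules() {
	# An empty value falls back to net-snmp's default listener, UDP 161.
	printf '%s\n' "${1:-udp:161}" | tr ',' '\n' | while read -r spec; do
		[ -n "$spec" ] || continue
		proto=udp; port=161; rest=$spec
		case "$spec" in
		*:*)
			head=$(printf '%s' "${spec%%:*}" | tr 'A-Z' 'a-z')
			case "$head" in
			udp|udp6|udpv6|udpipv6) proto=udp; rest=${spec#*:} ;;
			tcp|tcp6|tcpv6|tcpipv6) proto=tcp; rest=${spec#*:} ;;
			unix|ipx|pvc|aal5pvc|ssh|dtlsudp|tlstcp)
				echo "skip (not mapped by this example): $spec" >&2; continue ;;
			esac ;;
		esac
		# The port, when present, follows the address part.
		case "$rest" in
		*\]:*) port=${rest##*\]:} ;;   # [v6addr]:port
		*\])   ;;                      # [v6addr] only, default port
		*:*)   port=${rest##*:} ;;     # host:port
		*[!0-9]*|'') ;;                # bare host or address, default port
		*)     port=$rest ;;           # bare port number
		esac
		case "$port" in
		''|*[!0-9]*) echo "skip (bad port): $spec" >&2; continue ;;
		esac
		[ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
			echo "skip (port out of range): $spec" >&2; continue; }
		echo "$proto $port"
	done
}

# Constructed sample: the value from the report plus a TCP/IPv6 listener.
agentaddress_to_rules 'UDP:5000,tcp6:[::1]:1161'
```

Each output line can feed one firewall rule, so a listener on a non-default port or on TCP gets a matching rule and UDP 161 is opened only when snmpd actually listens there.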
