Thanks. It's been a long minute since I did an ACL and cisco descriptions are so bad

access list extended SNMP_deny

access list 110 deny udp any x.x.x.x 0.0.0.0 eq 161
access list 110 deny tcp any x.x.x.x 0.0.0.0 eq 161

permit any any

That's what I was basically thinking, where x.x.x.x is the IP of the port

i would all limited to required IP deny rest :

example :

ip access-list standard 10
permit 192.168.x.x

snmp-server community Mycomunity RO 10

or

snmp-server host 192.168.x.x mycommunity

 I'm not entirely sure what you are trying to do.

 All I want to do is block SNMP requests on internet facing ports from coming in. SNMP is already working internally. I just need to make sure a hacker doesn't use the latest SNMP vulnerability and enter our network through the internet facing port.

p access-list standard 10
permit 192.168.x.x   ---< this is your IP address of NMS Server ( so rest all denied)

snmp-server community Mycomunity RO 10

 OK. This is not about allowing SNMP through the internet facing port. RFC-1918 IPs are not routable on the internet.

 This is only trying to keep external bad actors from using SNMP to gain access from EXTERNAL networks.

 SNMP is done via the LAN not the WAN

SNMP must be blocked at the port facing the internet.

what i was suggested was only the IP can do the SNMP walk since we setup and ACL for SNMP

SNMP must be blocked at the port facing the internet.

if you like to do this, add ACL SNMP Block from Internet interface as example.

access-list 10 deny udp any any eq snmp

interface gig x/x

access-group 10 in

OK. Thanks. I have

ip access-list extended SNMP_deny
deny udp any any eq snmp
permit ip any any

interface GigabitEthernet0/0/0
ip access-group SNMP_deny in

yes in that context should be good.