Would you be able to make SNMP listen on the LAN interfaces only like SSH and the web admin ports?
Doing a PCI Security Audit and SNMP shows up as listening on all interfaces regardless of SNMP ip restrictions. Seems like a potential security hole that could be exploited some day.