[Nocrancid] autopop-onenet.net router config diffs

rancid at rancid.noc.onenet.net rancid at rancid.noc.onenet.net
Wed Jun 15 16:01:37 CDT 2011


Index: core1.tul-mx960.onenet.net
===================================================================
--- core1.tul-mx960.onenet.net	(revision 12925)
+++ core1.tul-mx960.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at TULSA-CORE1-MX960-RE0> show system commit 
+#   2011-06-15 15:08:00 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
 #   2011-06-09 22:11:45 CDT by admin via cli commit confirmed, rollback in 1mins synchronize
 #   2011-06-09 19:54:05 CDT by admin via cli commit confirmed, rollback in 3mins synchronize
 #   2011-06-01 17:05:14 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-06-01 16:59:35 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-05-25 23:15:15 CDT by jeremyt via cli commit confirmed, rollback in 5mins synchronize
-#   2011-05-25 09:22:40 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 # grnoc-mon at TULSA-CORE1-MX960-RE0> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  PEM 0                          OK        
@@ -345,7 +345,7 @@
 # grnoc-mon at TULSA-CORE1-MX960-RE0> show system uptime 
 # System booted: 2011-03-24 16:05 CDT 
 # Protocols started: 2011-04-05 15:46 CDT 
-# Last configured: 2011-06-09 22:11 CDT  by admin
+# Last configured: 2011-06-15 15:08 CDT  by jeremyt
 # 
 # {master}
 # grnoc-mon at TULSA-CORE1-MX960-RE0> show interface terse 
@@ -425,7 +425,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at TULSA-CORE1-MX960-RE0> show configuration 
-## Last commit: 2011-06-09 22:11:45 CDT by admin
+## Last commit: 2011-06-15 15:08:00 CDT by jeremyt
 version 10.4R3.4;
 groups {
     re0 {
@@ -995,6 +995,7 @@
     }
 }
 policy-options {
+    prefix-list EBGP-IPV4-NEIGHBORS;
     policy-statement LOAD-BALANCE {
         then {
             load-balance per-packet;
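Review bot: `prefix-list EBGP-IPV4-NEIGHBORS;` is committed with no entries and no `apply-path`, yet the new EBGP-ALLOW term in PROTECT-RE uses it as its only address match for TCP port 179. With an empty list the term cannot identify any peer, so external BGP sessions either fall through to DENY_ALL or depend on how this Junos release evaluates an empty list in a filter; confirm which before relying on it. Populate the list in the same commit, for example with `apply-path "protocols bgp group <*> neighbor <*>";` and the group pattern narrowed to the external groups. The same empty definition is added on core3.tul-m120 and core2.tul-mx960, and the policy-options block continues outside this hunk.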
@@ -1089,6 +1090,44 @@
 }
 firewall {
     family inet {
+        filter FLOW-INFO {
+            term ALL_FLOW {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then sample;
+            }
+            term REJECT_ALL {
+                then {
+                    discard;
+                }
+            }
+        }
+        filter WEB-FILTER {
+            term 1 {
+                from {
+                    source-address {
+                        164.58.0.0/16;
+                        156.110.0.0/16;
+                    }
+                    port [ http ftp nntp ];
+                }
+                then {
+                    count WEB-FILTER;
+                    log;
+                    port-mirror;
+                    accept;
+                }
+            }
+            term 2 {
+                then accept;
+            }
+        }
         filter PROTECT-RE {
             term SERVICES {
                 from {
@@ -1112,14 +1151,25 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     protocol ospf;
                 }
                 then accept;
             }
-            term IBGP-allow {
+            term EBGP-ALLOW {
                 from {
+                    prefix-list {
+                        EBGP-IPV4-NEIGHBORS;
+                    }
+                    protocol tcp;
+                    port 179;
+                }
+                then accept;
+            }
+            term IBGP-ALLOW {
+                from {
                     source-address {
                         164.58.199.216/32;
                         164.58.199.226/32;
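Review bot: The source list of the OSPF term now admits all of 164.58.0.0/16 and 156.110.0.0/16, which makes the retained `164.58.199.0/24` entry redundant and lets any host in either /16 send OSPF packets to the routing engine. If those blocks include customer-facing or server networks, that is a far larger set of potential speakers than the two /24s listed before. Listing only the link and loopback ranges that actually carry adjacencies, ideally through one shared prefix-list, would keep the match meaningful. Similar widening is applied to the LDP, PIM and BFD-ALLOW terms later in this file and to the corresponding terms on core5, core6, core3 and core2. The term's name lies above the hunk, and the IBGP-ALLOW term runs past its end.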
@@ -1138,7 +1188,7 @@
             }
             term SERVICES-OUTBOUND {
                 from {
-                    source-port [ domain ntp ssh ];
+                    source-port [ domain ntp ssh syslog ftp 7804 telnet ];
                 }
                 then accept;
             }
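Review bot: SERVICES-OUTBOUND matches on `source-port` alone, with no `source-address`, `protocol` or `tcp-established` condition, so each port added here (`syslog ftp 7804 telnet`) widens what the term accepts from any address, to any destination port. Assuming PROTECT-RE is the loopback input filter its name suggests, that traffic reaches the routing engine before DENY_ALL is evaluated. Return traffic for TCP sessions the router itself opens can be matched more narrowly by adding `protocol tcp;` and `tcp-established;` to the `from` block. The UDP services can then move to a separate term limited to the server addresses the router actually queries. The identical change is made to SERVICES-OUTBOUND on core5, core6, core3 and core2.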
@@ -1156,6 +1206,7 @@
                 from {
                     source-address {
                         164.58.10.1/32;
+                        164.58.199.0/24;
                     }
                     protocol udp;
                     port ntp;
@@ -1178,7 +1229,8 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     port ldp;
                 }
@@ -1187,7 +1239,7 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
                     }
                     protocol pim;
                 }
@@ -1196,13 +1248,20 @@
             term BFD-ALLOW {
                 from {
                     source-address {
-                        164.58.15.0/24;
+                        164.58.0.0/16;
                     }
                     protocol udp;
                     port [ 3784 3785 ];
                 }
                 then accept;
             }
+            term TRACEROUTE-ALLOW {
+                from {
+                    protocol udp;
+                    destination-port 33434-33523;
+                }
+                then accept;
+            }
             term DENY_ALL {
                 then {
                     log;
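Review bot: TRACEROUTE-ALLOW accepts UDP to ports 33434-33523 from any source address with no rate limit, directly ahead of DENY_ALL. Each accepted packet normally makes the routing engine generate an ICMP unreachable, so without a policer the load this term can place on the control plane depends entirely on rate limiting configured elsewhere. Attach one in the term, e.g. `then { policer TRACEROUTE-POLICER; accept; }`, where TRACEROUTE-POLICER is a placeholder for a policer still to be defined under `firewall`. The same term is added on core6, core3 and core2, and the DENY_ALL term continues outside this hunk.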
@@ -1211,44 +1270,6 @@
                 }
             }
         }
-        filter FLOW-INFO {
-            term ALL_FLOW {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then sample;
-            }
-            term REJECT_ALL {
-                then {
-                    discard;
-                }
-            }
-        }
-        filter WEB-FILTER {
-            term 1 {
-                from {
-                    source-address {
-                        164.58.0.0/16;
-                        156.110.0.0/16;
-                    }
-                    port [ http ftp nntp ];
-                }
-                then {
-                    count WEB-FILTER;
-                    log;
-                    port-mirror;
-                    accept;
-                }
-            }
-            term 2 {
-                then accept;
-            }
-        }
     }
 }
 routing-instances {

Index: core5.tul-mx480.onenet.net
===================================================================
--- core5.tul-mx480.onenet.net	(revision 13159)
+++ core5.tul-mx480.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at TULSA-CORE5-MX480-RE0> show system commit 
+#   2011-06-15 15:27:55 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
 #   2011-06-14 23:08:23 CDT by jeremyt via cli commit synchronize
 #   2011-06-07 16:04:53 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-06-07 13:32:25 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-06-07 13:28:38 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-06-07 13:17:31 CDT by von via cli commit confirmed, rollback in 1mins synchronize
-#   2011-06-07 13:16:45 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 # grnoc-mon at TULSA-CORE5-MX480-RE0> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  PEM 0                          OK        
@@ -327,7 +327,7 @@
 # grnoc-mon at TULSA-CORE5-MX480-RE0> show system uptime 
 # System booted: 2011-03-24 15:25 CDT 
 # Protocols started: 2011-03-24 15:26 CDT 
-# Last configured: 2011-06-14 23:08 CDT  by jeremyt
+# Last configured: 2011-06-15 15:27 CDT  by jeremyt
 # 
 # {master}
 # grnoc-mon at TULSA-CORE5-MX480-RE0> show interface terse 
@@ -444,7 +444,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at TULSA-CORE5-MX480-RE0> show configuration 
-## Last commit: 2011-06-14 23:08:23 CDT by jeremyt
+## Last commit: 2011-06-15 15:27:55 CDT by jeremyt
 version 10.4R3.4;
 groups {
     re0 {
@@ -2457,6 +2457,24 @@
 }
 firewall {
     family inet {
+        filter FLOW-INFO {
+            term ALL_FLOW {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then sample;
+            }
+            term REJECT_ALL {
+                then {
+                    discard;
+                }
+            }
+        }
         filter PROTECT-RE {
             term SERVICES {
                 from {
@@ -2469,7 +2487,6 @@
                         164.58.253.0/24;
                         64.207.244.14/32;
                         66.129.224.37/32;
-                        164.58.0.0/16;
                         164.58.15.0/24;
                     }
                     protocol tcp;
@@ -2482,26 +2499,27 @@
                     source-address {
                         164.58.199.0/24;
                         164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     protocol ospf;
                 }
                 then accept;
             }
-            term IBGP-ALLOW {
+            term EBGP-ALLOW {
                 from {
-                    source-address {
-                        164.58.199.216/32;
-                        164.58.199.226/32;
+                    prefix-list {
+                        EBGP-IPV4-NEIGHBORS;
                     }
                     protocol tcp;
                     port 179;
                 }
                 then accept;
             }
-            term EBGP-ALLOW {
+            term IBGP-ALLOW {
                 from {
-                    prefix-list {
-                        EBGP-IPV4-NEIGHBORS;
+                    source-address {
+                        164.58.199.216/32;
+                        164.58.199.226/32;
                     }
                     protocol tcp;
                     port 179;
@@ -2517,7 +2535,7 @@
             }
             term SERVICES-OUTBOUND {
                 from {
-                    source-port [ domain ntp ssh ];
+                    source-port [ domain ntp ssh syslog ftp 7804 telnet ];
                 }
                 then accept;
             }
@@ -2535,6 +2553,7 @@
                 from {
                     source-address {
                         164.58.10.1/32;
+                        164.58.199.0/24;
                     }
                     protocol udp;
                     port ntp;
@@ -2558,6 +2577,7 @@
                     source-address {
                         164.58.199.0/24;
                         164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     port ldp;
                 }
@@ -2608,24 +2628,6 @@
                 }
             }
         }
-        filter FLOW-INFO {
-            term ALL_FLOW {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then sample;
-            }
-            term REJECT_ALL {
-                then {
-                    discard;
-                }
-            }
-        }
     }
 }
 inactive: services {

Index: core6.tul-m7i.onenet.net
===================================================================
--- core6.tul-m7i.onenet.net	(revision 13153)
+++ core6.tul-m7i.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show system commit 
+#   2011-06-15 15:43:07 CDT by jeremyt via cli commit confirmed, rollback in 2mins
 #   2011-06-14 23:54:12 CDT by jeremyt via cli
 #   2011-06-14 23:37:55 CDT by jeremyt via cli
 #   2011-06-14 23:30:55 CDT by jeremyt via cli
 #   2011-06-14 23:24:07 CDT by jeremyt via cli
 #   2011-06-14 23:18:27 CDT by jeremyt via cli
-#   2011-06-14 23:08:49 CDT by jeremyt via cli
 # grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show chassis environment 
 # Class Item                           Status     Measurement
 # Power Power Supply 0                 OK        
@@ -192,7 +192,7 @@
 # grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show system uptime 
 # System booted: 2011-03-24 16:11 CDT 
 # Protocols started: 2011-04-05 03:27 CDT 
-# Last configured: 2011-06-14 23:54 CDT  by jeremyt
+# Last configured: 2011-06-15 15:43 CDT  by jeremyt
 # 
 # grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show interface terse 
 #Interface Admin Link
@@ -234,7 +234,7 @@
 #pime up up
 #tap up up
 # grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show configuration 
-## Last commit: 2011-06-14 23:54:12 CDT by jeremyt
+## Last commit: 2011-06-15 15:43:07 CDT by jeremyt
 version 10.4R3.4;
 groups {
     re0 {
@@ -822,6 +822,24 @@
 }
 firewall {
     family inet {
+        filter FLOW-INFO {
+            term ALL_FLOW {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then sample;
+            }
+            term REJECT_ALL {
+                then {
+                    reject;
+                }
+            }
+        }
         filter PROTECT-RE {
             term SERVICES {
                 from {
@@ -845,7 +863,8 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     protocol ospf;
                 }
@@ -871,7 +890,7 @@
             }
             term SERVICES-OUTBOUND {
                 from {
-                    source-port [ domain ntp ssh ];
+                    source-port [ domain ntp ssh syslog ftp 7804 telnet ];
                 }
                 then accept;
             }
@@ -889,6 +908,7 @@
                 from {
                     source-address {
                         164.58.10.1/32;
+                        164.58.199.0/24;
                     }
                     protocol udp;
                     port ntp;
@@ -911,7 +931,8 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     port ldp;
                 }
@@ -920,7 +941,7 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
                     }
                     protocol pim;
                 }
@@ -929,13 +950,20 @@
             term BFD-ALLOW {
                 from {
                     source-address {
-                        164.58.15.0/24;
+                        164.58.0.0/16;
                     }
                     protocol udp;
                     port [ 3784 3785 ];
                 }
                 then accept;
             }
+            term TRACEROUTE-ALLOW {
+                from {
+                    protocol udp;
+                    destination-port 33434-33523;
+                }
+                then accept;
+            }
             term DENY_ALL {
                 then {
                     log;
@@ -944,23 +972,5 @@
                 }
             }
         }
-        filter FLOW-INFO {
-            term ALL_FLOW {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then sample;
-            }
-            term REJECT_ALL {
-                then {
-                    reject;
-                }
-            }
-        }
     }
 }

Index: core3.tul-m120.onenet.net
===================================================================
--- core3.tul-m120.onenet.net	(revision 13145)
+++ core3.tul-m120.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at TULSA-CORE-3-M120-RE0> show system commit 
+#   2011-06-15 15:18:45 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
 #   2011-06-14 22:48:29 CDT by jeremyt via cli commit synchronize
 #   2011-05-27 08:01:29 CDT by joe via cli commit synchronize
 #   2011-05-26 16:40:06 CDT by bobby via cli commit synchronize
 #   2011-05-26 15:47:25 CDT by joe via cli commit synchronize
 #   2011-05-26 14:51:35 CDT by joe via cli commit synchronize
-#   2011-05-26 13:29:06 CDT by joe via cli commit synchronize
 # grnoc-mon at TULSA-CORE-3-M120-RE0> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  PEM 0                          OK        
@@ -342,7 +342,7 @@
 # grnoc-mon at TULSA-CORE-3-M120-RE0> show system uptime 
 # System booted: 2011-04-16 20:58 CDT 
 # Protocols started: 2011-04-16 20:59 CDT 
-# Last configured: 2011-06-14 22:48 CDT  by jeremyt
+# Last configured: 2011-06-15 15:18 CDT  by jeremyt
 # 
 # {master}
 # grnoc-mon at TULSA-CORE-3-M120-RE0> show interface terse 
@@ -709,7 +709,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at TULSA-CORE-3-M120-RE0> show configuration 
-## Last commit: 2011-06-14 22:48:29 CDT by jeremyt
+## Last commit: 2011-06-15 15:18:45 CDT by jeremyt
 version 10.4R2.6;
 groups {
     re0 {
@@ -2743,6 +2743,7 @@
         204.87.86.35/32;
         204.87.86.36/32;
     }
+    prefix-list EBGP-IPV4-NEIGHBORS;
     policy-statement LOAD-BALANCE {
         then {
             load-balance per-packet;
@@ -2837,6 +2838,110 @@
 }
 firewall {
     family inet {
+        filter FLOW-INFO {
+            term ALL_FLOW {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then sample;
+            }
+            term REJECT_ALL {
+                then {
+                    reject;
+                }
+            }
+        }
+        filter VIDEO {
+            term 1 {
+                from {
+                    source-address {
+                        156.110.211.42/32;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then {
+                    forwarding-class video;
+                    accept;
+                }
+            }
+            term 2 {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        156.110.211.42/32;
+                    }
+                }
+                then {
+                    forwarding-class video;
+                    accept;
+                }
+            }
+            term ALL_FLOW {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then sample;
+            }
+            term 3 {
+                then accept;
+            }
+        }
+        filter VIDEO-FLOW {
+            interface-specific;
+            term ALL_FLOW {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then {
+                    sample;
+                    next term;
+                }
+            }
+            term 1 {
+                from {
+                    source-prefix-list {
+                        VIDEO;
+                    }
+                }
+                then {
+                    forwarding-class video;
+                    accept;
+                }
+            }
+            term 2 {
+                from {
+                    destination-prefix-list {
+                        VIDEO;
+                    }
+                }
+                then {
+                    forwarding-class video;
+                    accept;
+                }
+            }
+            term ACCEPT-ALL {
+                then accept;
+            }
+        }
         filter PROTECT-RE {
             term SERVICES {
                 from {
@@ -2849,7 +2954,7 @@
                         164.58.253.0/24;
                         64.207.244.14/32;
                         66.129.224.37/32;
-                        164.58.0.0/16;
+                        164.58.15.0/24;
                     }
                     protocol tcp;
                     destination-port [ ssh http ];
@@ -2861,13 +2966,24 @@
                     source-address {
                         164.58.199.0/24;
                         164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     protocol ospf;
                 }
                 then accept;
             }
-            term IBGP-allow {
+            term EBGP-ALLOW {
                 from {
+                    prefix-list {
+                        EBGP-IPV4-NEIGHBORS;
+                    }
+                    protocol tcp;
+                    port 179;
+                }
+                then accept;
+            }
+            term IBGP-ALLOW {
+                from {
                     source-address {
                         164.58.199.216/32;
                         164.58.199.226/32;
@@ -2886,7 +3002,7 @@
             }
             term SERVICES-OUTBOUND {
                 from {
-                    source-port [ domain ntp ssh ];
+                    source-port [ domain ntp ssh syslog ftp 7804 telnet ];
                 }
                 then accept;
             }
@@ -2904,6 +3020,7 @@
                 from {
                     source-address {
                         164.58.10.1/32;
+                        164.58.199.0/24;
                     }
                     protocol udp;
                     port ntp;
@@ -2913,7 +3030,6 @@
             term SNMP-ALLOW {
                 from {
                     source-address {
-                        164.58.25.0/32;
                         164.58.253.0/24;
                         156.110.31.0/27;
                         156.110.31.32/28;
@@ -2928,6 +3044,7 @@
                     source-address {
                         164.58.199.0/24;
                         164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     port ldp;
                 }
@@ -2952,6 +3069,13 @@
                 }
                 then accept;
             }
+            term TRACEROUTE-ALLOW {
+                from {
+                    protocol udp;
+                    destination-port 33434-33523;
+                }
+                then accept;
+            }
             term DENY_ALL {
                 then {
                     log;
@@ -2960,110 +3084,6 @@
                 }
             }
         }
-        filter FLOW-INFO {
-            term ALL_FLOW {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then sample;
-            }
-            term REJECT_ALL {
-                then {
-                    reject;
-                }
-            }
-        }
-        filter VIDEO {
-            term 1 {
-                from {
-                    source-address {
-                        156.110.211.42/32;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then {
-                    forwarding-class video;
-                    accept;
-                }
-            }
-            term 2 {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        156.110.211.42/32;
-                    }
-                }
-                then {
-                    forwarding-class video;
-                    accept;
-                }
-            }
-            term ALL_FLOW {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then sample;
-            }
-            term 3 {
-                then accept;
-            }
-        }
-        filter VIDEO-FLOW {
-            interface-specific;
-            term ALL_FLOW {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then {
-                    sample;
-                    next term;
-                }
-            }
-            term 1 {
-                from {
-                    source-prefix-list {
-                        VIDEO;
-                    }
-                }
-                then {
-                    forwarding-class video;
-                    accept;
-                }
-            }
-            term 2 {
-                from {
-                    destination-prefix-list {
-                        VIDEO;
-                    }
-                }
-                then {
-                    forwarding-class video;
-                    accept;
-                }
-            }
-            term ACCEPT-ALL {
-                then accept;
-            }
-        }
     }
     policer CARL-ALBERT-POL {
         if-exceeding {

Index: core2.tul-mx960.onenet.net
===================================================================
--- core2.tul-mx960.onenet.net	(revision 12923)
+++ core2.tul-mx960.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at TULSA-CORE2-MX960-RE0> show system commit 
+#   2011-06-15 15:14:57 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
 #   2011-06-01 14:36:48 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-06-01 14:31:59 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-06-01 14:22:34 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-06-01 14:12:59 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 #   2011-05-25 12:27:12 CDT by von via cli commit synchronize
-#   2011-05-18 14:50:00 CDT by cjensen via cli commit synchronize
 # grnoc-mon at TULSA-CORE2-MX960-RE0> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  PEM 0                          OK        
@@ -345,7 +345,7 @@
 # grnoc-mon at TULSA-CORE2-MX960-RE0> show system uptime 
 # System booted: 2011-03-24 15:59 CDT 
 # Protocols started: 2011-04-22 05:58 CDT 
-# Last configured: 2011-06-01 14:36 CDT  by von
+# Last configured: 2011-06-15 15:14 CDT  by jeremyt
 # 
 # {master}
 # grnoc-mon at TULSA-CORE2-MX960-RE0> show interface terse 
@@ -425,7 +425,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at TULSA-CORE2-MX960-RE0> show configuration 
-## Last commit: 2011-06-01 14:36:48 CDT by von
+## Last commit: 2011-06-15 15:14:57 CDT by jeremyt
 version 10.4R3.4;
 groups {
     re0 {
@@ -957,6 +957,7 @@
     }
 }
 policy-options {
+    prefix-list EBGP-IPV4-NEIGHBORS;
     policy-statement LOAD-BALANCE {
         then {
             load-balance per-packet;
@@ -1041,6 +1042,44 @@
 }
 firewall {
     family inet {
+        filter FLOW-INFO {
+            term ALL_FLOW {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then sample;
+            }
+            term REJECT_ALL {
+                then {
+                    reject;
+                }
+            }
+        }
+        filter WEB-FILTER {
+            term 1 {
+                from {
+                    source-address {
+                        164.58.0.0/16;
+                        156.110.0.0/16;
+                    }
+                    port [ http ftp nntp ];
+                }
+                then {
+                    count WEB-FILTER;
+                    log;
+                    port-mirror;
+                    accept;
+                }
+            }
+            term 2 {
+                then accept;
+            }
+        }
         filter PROTECT-RE {
             term SERVICES {
                 from {
@@ -1064,14 +1103,25 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     protocol ospf;
                 }
                 then accept;
             }
-            term IBGP-allow {
+            term EBGP-ALLOW {
                 from {
+                    prefix-list {
+                        EBGP-IPV4-NEIGHBORS;
+                    }
+                    protocol tcp;
+                    port 179;
+                }
+                then accept;
+            }
+            term IBGP-ALLOW {
+                from {
                     source-address {
                         164.58.199.216/32;
                         164.58.199.226/32;
@@ -1090,7 +1140,7 @@
             }
             term SERVICES-OUTBOUND {
                 from {
-                    source-port [ domain ntp ssh ];
+                    source-port [ domain ntp ssh syslog ftp 7804 telnet ];
                 }
                 then accept;
             }
@@ -1108,6 +1158,7 @@
                 from {
                     source-address {
                         164.58.10.1/32;
+                        164.58.199.0/24;
                     }
                     protocol udp;
                     port ntp;
@@ -1130,7 +1181,8 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     port ldp;
                 }
@@ -1139,7 +1191,7 @@
                 from {
                     source-address {
                         164.58.199.0/24;
-                        164.58.15.0/24;
+                        164.58.0.0/16;
                     }
                     protocol pim;
                 }
@@ -1148,12 +1200,20 @@
             term BFD-ALLOW {
                 from {
                     source-address {
-                        164.58.15.0/24;
+                        164.58.0.0/16;
                     }
                     protocol udp;
                     port [ 3784 3785 ];
                 }
+                then accept;
             }
+            term TRACEROUTE-ALLOW {
+                from {
+                    protocol udp;
+                    destination-port 33434-33523;
+                }
+                then accept;
+            }
             term DENY_ALL {
                 then {
                     log;
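Review bot: TRACEROUTE-ALLOW accepts UDP to destination ports 33434-33523 from any source with no rate limit, so every such packet is passed to the routing engine ahead of DENY_ALL. Attaching a policer to the term, `then { policer <TRACEROUTE-POLICER>; accept; }` (placeholder name, the policer would need to be defined under `firewall`), would bound the load this can place on the control plane. The explicit `then accept;` added to BFD-ALLOW is a good clarification. DENY_ALL continues outside the hunk.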
@@ -1162,44 +1222,6 @@
                 }
             }
         }
-        filter FLOW-INFO {
-            term ALL_FLOW {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then sample;
-            }
-            term REJECT_ALL {
-                then {
-                    reject;
-                }
-            }
-        }
-        filter WEB-FILTER {
-            term 1 {
-                from {
-                    source-address {
-                        164.58.0.0/16;
-                        156.110.0.0/16;
-                    }
-                    port [ http ftp nntp ];
-                }
-                then {
-                    count WEB-FILTER;
-                    log;
-                    port-mirror;
-                    accept;
-                }
-            }
-            term 2 {
-                then accept;
-            }
-        }
     }
 }
 inactive: services {

Index: core4.tul-mx480.onenet.net
===================================================================
--- core4.tul-mx480.onenet.net	(revision 13118)
+++ core4.tul-mx480.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at TULSA-CORE4-MX480-RE0> show system commit 
+#   2011-06-15 15:22:34 CDT by jeremyt via cli commit confirmed, rollback in 2mins synchronize
 #   2011-06-14 15:50:39 CDT by todd via cli commit synchronize
 #   2011-06-14 15:30:03 CDT by todd via cli commit synchronize
 #   2011-06-14 15:29:40 CDT by todd via cli commit synchronize
 #   2011-06-14 14:58:36 CDT by todd via cli commit synchronize
 #   2011-06-14 14:50:53 CDT by todd via cli commit synchronize
-#   2011-06-09 13:31:32 CDT by von via cli commit confirmed, rollback in 1mins synchronize
 # grnoc-mon at TULSA-CORE4-MX480-RE0> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  PEM 0                          OK        
@@ -320,7 +320,7 @@
 # grnoc-mon at TULSA-CORE4-MX480-RE0> show system uptime 
 # System booted: 2011-03-24 15:24 CDT 
 # Protocols started: 2011-03-24 15:25 CDT 
-# Last configured: 2011-06-14 15:50 CDT  by todd
+# Last configured: 2011-06-15 15:22 CDT  by jeremyt
 # 
 # {master}
 # grnoc-mon at TULSA-CORE4-MX480-RE0> show interface terse 
@@ -423,7 +423,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at TULSA-CORE4-MX480-RE0> show configuration 
-## Last commit: 2011-06-14 15:50:39 CDT by todd
+## Last commit: 2011-06-15 15:22:34 CDT by jeremyt
 version 10.4R3.4;
 groups {
     re0 {
@@ -1911,6 +1911,24 @@
 }
 firewall {
     family inet {
+        filter FLOW-INFO {
+            term ALL_FLOW {
+                from {
+                    source-address {
+                        0.0.0.0/0;
+                    }
+                    destination-address {
+                        0.0.0.0/0;
+                    }
+                }
+                then sample;
+            }
+            term REJECT_ALL {
+                then {
+                    discard;
+                }
+            }
+        }
         filter PROTECT-RE {
             term SERVICES {
                 from {
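Review bot: In FLOW-INFO the REJECT_ALL term looks unreachable: ALL_FLOW matches every IPv4 source and destination, and a term whose only action is `sample` accepts the packet by default, so nothing falls through to `discard`. Making that explicit with `then { sample; accept; }`, or adding a comment that the filter only samples and never drops, would stop a reader from assuming it blocks traffic. The PROTECT-RE filter that follows continues outside the hunk.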
@@ -1935,26 +1953,27 @@
                     source-address {
                         164.58.199.0/24;
                         164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     protocol ospf;
                 }
                 then accept;
             }
-            term IBGP-ALLOW {
+            term EBGP-ALLOW {
                 from {
-                    source-address {
-                        164.58.199.216/32;
-                        164.58.199.226/32;
+                    prefix-list {
+                        EBGP-IPV4-NEIGHBORS;
                     }
                     protocol tcp;
                     port 179;
                 }
                 then accept;
             }
-            term EBGP-ALLOW {
+            term IBGP-ALLOW {
                 from {
-                    prefix-list {
-                        EBGP-IPV4-NEIGHBORS;
+                    source-address {
+                        164.58.199.216/32;
+                        164.58.199.226/32;
                     }
                     protocol tcp;
                     port 179;
@@ -1970,7 +1989,7 @@
             }
             term SERVICES-OUTBOUND {
                 from {
-                    source-port [ domain ntp ssh ];
+                    source-port [ domain ntp ssh syslog ftp 7804 telnet ];
                 }
                 then accept;
             }
@@ -1988,6 +2007,7 @@
                 from {
                     source-address {
                         164.58.10.1/32;
+                        164.58.199.0/24;
                     }
                     protocol udp;
                     port ntp;
@@ -2011,6 +2031,7 @@
                     source-address {
                         164.58.199.0/24;
                         164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     port ldp;
                 }
@@ -2050,24 +2071,6 @@
                 }
             }
         }
-        filter FLOW-INFO {
-            term ALL_FLOW {
-                from {
-                    source-address {
-                        0.0.0.0/0;
-                    }
-                    destination-address {
-                        0.0.0.0/0;
-                    }
-                }
-                then sample;
-            }
-            term REJECT_ALL {
-                then {
-                    discard;
-                }
-            }
-        }
     }
 }
 inactive: routing-instances {

Index: hub.okm.onenet.net
===================================================================
--- hub.okm.onenet.net	(revision 13208)
+++ hub.okm.onenet.net	(working copy)
@@ -354,16 +354,16 @@
 #t1-2/0/3:3 up down
 #t1-2/0/3:4 up down
 #t1-2/0/3:5 up down
-#t1-2/0/3:6 up down
-#t1-2/0/3:6.0 up down
+#t1-2/0/3:6 up up
+#t1-2/0/3:6.0 up up
 #t1-2/0/3:7 up down
-#t1-2/0/3:8 up down
-#t1-2/0/3:8.0 up down
+#t1-2/0/3:8 up up
+#t1-2/0/3:8.0 up up
 #t1-2/0/3:9 up down
-#t1-2/0/3:10 up down
-#t1-2/0/3:10.0 up down
-#t1-2/0/3:11 up down
-#t1-2/0/3:11.0 up down
+#t1-2/0/3:10 up up
+#t1-2/0/3:10.0 up up
+#t1-2/0/3:11 up up
+#t1-2/0/3:11.0 up up
 #t1-2/0/3:12 up down
 #t1-2/0/3:13 up down
 #t1-2/0/3:14 up down

Index: core3.okc-m120.onenet.net
===================================================================
--- core3.okc-m120.onenet.net	(revision 13213)
+++ core3.okc-m120.onenet.net	(working copy)
@@ -1565,8 +1565,8 @@
 #ct3-3/3/0:11 up up
 #t1-3/3/0:11:1 up up
 #t1-3/3/0:11:1.0 up up
-#t1-3/3/0:11:2 up down
-#t1-3/3/0:11:2.0 up down
+#t1-3/3/0:11:2 up up
+#t1-3/3/0:11:2.0 up up
 #t1-3/3/0:11:3 up up
 #t1-3/3/0:11:3.0 up up
 #t1-3/3/0:11:4 up up
@@ -1762,8 +1762,8 @@
 #t1-4/0/2:25 up up
 #t1-4/0/2:25.0 up up
 #t1-4/0/2:26 up down
-#t1-4/0/2:27 up down
-#t1-4/0/2:27.0 up down
+#t1-4/0/2:27 up up
+#t1-4/0/2:27.0 up up
 #t1-4/0/2:28 up down
 #ct3-4/0/3 up up
 #t1-4/0/3:1 up down

