[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Wed Feb 19 16:02:19 CST 2014
Index: core.alt.onenet.net
===================================================================
--- core.alt.onenet.net (revision 108812)
+++ core.alt.onenet.net (working copy)
@@ -324,14 +324,14 @@
#lo0.16384 up up
#lo0.16385 up up
#lsi up up
-#lsi.1101198 up up
-#lsi.1101199 up up
-#lsi.1101200 up up
-#lsi.1101201 up up
-#lsi.1101202 up up
-#lsi.1101203 up up
-#lsi.1101204 up up
-#lsi.1101205 up up
+#lsi.1101262 up up
+#lsi.1101263 up up
+#lsi.1101264 up up
+#lsi.1101265 up up
+#lsi.1101266 up up
+#lsi.1101267 up up
+#lsi.1101268 up up
+#lsi.1101269 up up
#mtun up up
#pimd up up
#pime up up
Index: core.hut.wea.onenet.net
===================================================================
--- core.hut.wea.onenet.net (revision 108814)
+++ core.hut.wea.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WEATHERFORD-MX40> show system commit
+# 2014-02-19 15:49:22 CST by jed via cli commit confirmed, rollback in 2mins
+# 2014-02-19 15:28:36 CST by josh via cli
+# 2014-02-19 15:26:38 CST by root via other
+# 2014-02-19 15:25:04 CST by josh via cli commit confirmed, rollback in 1mins
# 2014-02-19 14:49:37 CST by root via other
# 2014-02-19 14:46:54 CST by rnordmark via cli commit confirmed, rollback in 2mins
-# 2014-02-13 23:19:41 CST by joel via cli
-# 2014-02-13 23:17:23 CST by admin via cli
-# 2014-02-13 23:13:06 CST by admin via cli
-# 2014-02-13 23:11:58 CST by admin via cli
# grnoc-mon at WEATHERFORD-MX40> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -228,7 +228,7 @@
# grnoc-mon at WEATHERFORD-MX40> show system uptime
# System booted: 2014-02-13 23:09 CST
# Protocols started: 2014-02-13 23:11 CST
-# Last configured: 2014-02-19 14:49 CST by root
+# Last configured: 2014-02-19 15:49 CST by jed
#
# grnoc-mon at WEATHERFORD-MX40> show interface terse
#Interface Admin Link
@@ -295,7 +295,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WEATHERFORD-MX40> show configuration
-## Last commit: 2014-02-19 14:49:37 CST by root
+## Last commit: 2014-02-19 15:49:22 CST by jed
version 12.3R2.5;
system {
host-name WEATHERFORD-MX40;
Index: core.ida.onenet.net
===================================================================
--- core.ida.onenet.net (revision 108798)
+++ core.ida.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at IDABEL-MX480-RE0> show system commit
+# 2014-02-19 15:15:00 CST by josh via cli commit confirmed, rollback in 1mins synchronize
+# 2014-02-19 15:06:51 CST by josh via cli commit synchronize
+# 2014-02-19 15:05:24 CST by josh via cli commit synchronize
+# 2014-02-19 15:00:38 CST by josh via cli commit confirmed, rollback in 1mins synchronize
# 2014-02-19 13:05:39 CST by josh via cli commit synchronize
# 2014-02-19 12:37:13 CST by rnordmark via cli commit synchronize
-# 2014-02-19 11:58:34 CST by josh via cli commit confirmed, rollback in 1mins synchronize
-# 2014-02-19 11:51:27 CST by josh via cli commit synchronize
-# 2014-02-19 11:50:48 CST by josh via cli commit confirmed, rollback in 1mins synchronize
-# 2014-02-14 14:54:30 CST by rnordmark via cli commit synchronize
# grnoc-mon at IDABEL-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -249,7 +249,7 @@
# grnoc-mon at IDABEL-MX480-RE0> show system uptime
# System booted: 2013-05-26 00:55 CDT
# Protocols started: 2013-05-26 01:13 CDT
-# Last configured: 2014-02-19 13:05 CST by josh
+# Last configured: 2014-02-19 15:15 CST by josh
#
# {master}
# grnoc-mon at IDABEL-MX480-RE0> show interface terse
@@ -329,7 +329,7 @@
#pp0 up up
#tap up up
# grnoc-mon at IDABEL-MX480-RE0> show configuration
-## Last commit: 2014-02-19 13:05:39 CST by josh
+## Last commit: 2014-02-19 15:15:00 CST by josh
version 11.4R7.5;
groups {
re0 {
@@ -373,7 +373,7 @@
}
name-server {
164.58.253.10;
- 164.58.253.4;
+ 164.58.198.10;
}
radius-server {
156.110.31.11 {
@@ -472,8 +472,7 @@
}
commit synchronize;
ntp {
- server 164.58.3.98;
- server 164.58.253.82 prefer;
+ server 164.58.3.98 prefer;
}
}
chassis {
@@ -885,6 +884,17 @@
}
policy-options {
prefix-list EBGP-IPV4-NEIGHBORS;
+ prefix-list ALLOWED-MGMT-SOURCES {
+ 64.207.244.14/32;
+ 66.129.224.37/32;
+ 129.15.127.96/28;
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.10.0/24;
+ 164.58.15.0/24;
+ 164.58.244.0/22;
+ 164.58.253.0/24;
+ }
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
@@ -1024,24 +1034,6 @@
firewall {
family inet {
filter PROTECT-RE {
- term SERVICES {
- from {
- source-address {
- 129.15.127.96/28;
- 156.110.31.0/27;
- 156.110.31.32/28;
- 164.58.10.0/24;
- 164.58.253.0/24;
- 64.207.244.14/32;
- 66.129.224.37/32;
- 164.58.15.0/24;
- 164.58.244.0/22;
- }
- protocol tcp;
- destination-port [ ssh http ];
- }
- then accept;
- }
term OSPF-ALLOW {
from {
source-address {
@@ -1074,6 +1066,16 @@
}
then accept;
}
+ term SSH-WEB-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ protocol tcp;
+ destination-port [ ssh http https ];
+ }
+ then accept;
+ }
term FIRST-FRAG {
from {
first-fragment;
@@ -1090,40 +1092,63 @@
discard;
}
}
- term ICMP-ALLOW {
+ term RADIUS-ALLOW {
from {
- protocol icmp;
- icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ source-address {
+ 156.110.31.11/32;
+ }
+ protocol [ udp tcp ];
+ port [ radius radacct ];
}
then accept;
}
- term SERVICES-OUTBOUND {
+ term NTP-ALLOW {
from {
- source-port [ domain ntp ssh syslog ftp 7804 telnet ];
+ source-address {
+ 164.58.3.98/32;
+ }
+ protocol udp;
+ port ntp;
}
then accept;
}
- term RADIUS {
+ term DOMAIN-ALLOW {
from {
source-address {
- 156.110.31.11/32;
+ 164.58.253.10/32;
+ 164.58.198.10/32;
}
- protocol [ udp tcp ];
- port [ radius radacct ];
+ port domain;
}
then accept;
}
- term NTP {
+ term SYSLOG-ALLOW {
from {
- source-address {
- 164.58.10.1/32;
- 164.58.199.0/24;
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
}
- protocol udp;
- port ntp;
+ port syslog;
}
then accept;
}
+ term FTP-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ port ftp;
+ }
+ then accept;
+ }
+ term JSPACE-ALLOW {
+ from {
+ source-prefix-list {
+ ALLOWED-MGMT-SOURCES;
+ }
+ source-port 7408;
+ }
+ then accept;
+ }
term SNMP-ALLOW {
from {
source-address {
@@ -1139,7 +1164,6 @@
term LDP-ALLOW {
from {
source-address {
- 164.58.199.0/24;
164.58.0.0/16;
156.110.0.0/16;
}
@@ -1149,8 +1173,8 @@
term PIM-ALLOW {
from {
source-address {
- 164.58.199.0/24;
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol pim;
}
@@ -1160,12 +1184,20 @@
from {
source-address {
164.58.0.0/16;
+ 156.110.0.0/16;
}
protocol udp;
port [ 3784 3785 ];
}
then accept;
}
+ term ICMP-ALLOW {
+ from {
+ protocol icmp;
+ icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+ }
+ then accept;
+ }
term TRACEROUTE-ALLOW {
from {
protocol udp;
@@ -1173,6 +1205,20 @@
}
then accept;
}
+ term DENY-SERVICES-INBOUND {
+ from {
+ destination-port [ ssh telnet http https snmp ntp domain ];
+ }
+ then {
+ discard;
+ }
+ }
+ term SERVICES-OUTBOUND {
+ from {
+ source-port [ ssh telnet ];
+ }
+ then accept;
+ }
term DENY_ALL {
then {
discard;
Index: core.law.onenet.net
===================================================================
--- core.law.onenet.net (revision 108815)
+++ core.law.onenet.net (working copy)
@@ -474,7 +474,7 @@
#lsi.1058664 up up
#lsi.1058703 up up
#lsi.1058853 up up
-#lsi.1058901 up up
+#lsi.1058909 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.nor.onenet.net
===================================================================
--- core1.nor.onenet.net (revision 108817)
+++ core1.nor.onenet.net (working copy)
@@ -450,7 +450,7 @@
#lsi.1056221 up up
#lsi.1056389 up up
#lsi.1056576 up up
-#lsi.1056624 up up
+#lsi.1056632 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.dc.onenet.net
===================================================================
--- core1.dc.onenet.net (revision 108820)
+++ core1.dc.onenet.net (working copy)
@@ -847,7 +847,7 @@
#lsi.1057672 up up
#lsi.1057714 up up
#lsi.1057901 up up
-#lsi.1057949 up up
+#lsi.1057957 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.okccc.onenet.net
===================================================================
--- core1.okccc.onenet.net (revision 108816)
+++ core1.okccc.onenet.net (working copy)
@@ -532,7 +532,7 @@
#lsi.1048583 up up
#lsi.1048584 up up
#lsi.1048771 up up
-#lsi.1048819 up up
+#lsi.1048827 up up
#mtun up up
#pimd up up
#pime up up
Index: core1.sti-mx960.onenet.net
===================================================================
--- core1.sti-mx960.onenet.net (revision 108818)
+++ core1.sti-mx960.onenet.net (working copy)
@@ -620,7 +620,7 @@
#lsi.1067817 up up
#lsi.1067818 up up
#lsi.1067819 up up
-#lsi.1067867 up up
+#lsi.1067875 up up
#mtun up up
#pimd up up
#pime up up
Index: core5.okc.onenet.net
===================================================================
--- core5.okc.onenet.net (revision 108819)
+++ core5.okc.onenet.net (working copy)
@@ -576,7 +576,7 @@
#lsi.1491894 up up
#lsi.1492062 up up
#lsi.1492249 up up
-#lsi.1492297 up up
+#lsi.1492305 up up
#lsi.1496838 up up
#lsi.2010116 up up
#mtun up up
Index: hub.chi.onenet.net
===================================================================
--- hub.chi.onenet.net (revision 108806)
+++ hub.chi.onenet.net (working copy)
@@ -310,7 +310,7 @@
#t1-2/0/2:21 down down
#t1-2/0/2:22 down down
#t1-2/0/2:23 down down
-#t1-2/0/2:24 down up
+#t1-2/0/2:24 down down
#t1-2/0/2:25 down up
#t1-2/0/2:26 down down
#t1-2/0/2:27 down down
Index: hub.mia.onenet.net
===================================================================
--- hub.mia.onenet.net (revision 108823)
+++ hub.mia.onenet.net (working copy)
@@ -442,7 +442,7 @@
#lsi.1053362 up up
#lsi.1053531 up up
#lsi.1053718 up up
-#lsi.1053766 up up
+#lsi.1053774 up up
#mtun up up
#pimd up up
#pime up up
More information about the Nocrancid
mailing list