[Nocrancid] autopop-onenet.net router config diffs

rancid at rancid.noc.onenet.net rancid at rancid.noc.onenet.net
Thu Feb 20 16:01:08 CST 2014


Index: core.alt.onenet.net
===================================================================
--- core.alt.onenet.net	(revision 109170)
+++ core.alt.onenet.net	(working copy)
@@ -324,14 +324,14 @@
 #lo0.16384 up up
 #lo0.16385 up up
 #lsi up up
-#lsi.1102862 up up
-#lsi.1102863 up up
-#lsi.1102864 up up
-#lsi.1102865 up up
-#lsi.1102866 up up
-#lsi.1102867 up up
-#lsi.1102868 up up
-#lsi.1102869 up up
+#lsi.1102934 up up
+#lsi.1102935 up up
+#lsi.1102936 up up
+#lsi.1102937 up up
+#lsi.1102938 up up
+#lsi.1102939 up up
+#lsi.1102940 up up
+#lsi.1102941 up up
 #mtun up up
 #pimd up up
 #pime up up

Index: core.hut.ori.onenet.net
===================================================================
--- core.hut.ori.onenet.net	(revision 106555)
+++ core.hut.ori.onenet.net	(working copy)
@@ -1,12 +1,12 @@
 # RANCID-CONTENT-TYPE: juniper
 #
 # grnoc-mon at ORIENTA-MX40> show system commit 
+#   2014-02-20 15:32:21 CST by andrew via cli commit confirmed, rollback in 2mins
+#   2014-02-20 15:29:59 CST by andrew via cli commit confirmed, rollback in 2mins
+#   2014-02-20 15:28:54 CST by andrew via cli commit confirmed, rollback in 2mins
 #   2014-02-12 09:40:11 CST by josh via cli commit confirmed, rollback in 5mins
 #   2014-02-06 01:48:37 CST by joel via cli
 #   2014-02-06 01:45:55 CST by joel via cli
-#   2014-02-06 01:44:25 CST by joel via cli
-#   2014-01-28 13:40:27 CST by joel via cli
-#   2014-01-28 13:12:51 CST by joel via cli
 # grnoc-mon at ORIENTA-MX40> show chassis environment 
 # Class Item                           Status     Measurement
 # Temp  PEM 0                          OK        
@@ -229,7 +229,7 @@
 # grnoc-mon at ORIENTA-MX40> show system uptime 
 # System booted: 2013-06-06 13:15 CDT 
 # Protocols started: 2013-06-06 13:16 CDT 
-# Last configured: 2014-02-12 09:40 CST  by josh
+# Last configured: 2014-02-20 15:32 CST  by andrew
 # 
 # grnoc-mon at ORIENTA-MX40> show interface terse 
 #Interface Admin Link
@@ -295,7 +295,7 @@
 #pp0 up up
 #tap up up
 # grnoc-mon at ORIENTA-MX40> show configuration 
-## Last commit: 2014-02-12 09:40:11 CST by josh
+## Last commit: 2014-02-20 15:32:21 CST by andrew
 version 12.3R2.5;
 system {
     host-name ORIENTA-MX40;
@@ -307,7 +307,7 @@
     }
     name-server {
         164.58.253.10;
-        164.58.253.4;
+        164.58.198.10;
     }
     radius-server {
         156.110.31.11 {
@@ -405,8 +405,7 @@
         source-address 164.58.199.152;
     }
     ntp {
-        server 164.58.3.98;
-        server 164.58.253.82 prefer;
+        server 164.58.3.98 prefer;
     }
 }
 chassis {
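Review bot: After this change the `ntp` stanza holds a single server, `164.58.3.98`, so the router's clock, and every commit and syslog timestamp derived from it, depends on one source, and `prefer` no longer selects between anything. The stanza as shown carries no `authentication-key` or `trusted-key`, so that one association is also unauthenticated. If 164.58.253.82 was decommissioned, consider replacing it rather than dropping it, and keying the remaining server with `server 164.58.3.98 key <key-id> prefer;`. The NTP-ALLOW filter term added later in this file admits only this one address, so any second server has to be added in both places.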
@@ -755,6 +754,17 @@
 }
 policy-options {
     prefix-list EBGP-IPV4-NEIGHBORS;
+    prefix-list ALLOWED-MGMT-SOURCES {
+        64.207.244.14/32;
+        66.129.224.37/32;
+        129.15.127.96/28;
+        156.110.31.0/27;
+        156.110.31.32/28;
+        164.58.10.0/24;
+        164.58.15.0/24;
+        164.58.244.0/22;
+        164.58.253.0/24;
+    }
     policy-statement LOAD-BALANCE {
         then {
             load-balance per-packet;
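Review bot: ALLOWED-MGMT-SOURCES is introduced with no indication of what each entry is, and the later hunks reuse it as the source match for four different terms (SSH-WEB-ALLOW, SYSLOG-ALLOW, FTP-ALLOW, JSPACE-ALLOW). Every prefix added for one purpose, including `64.207.244.14/32` and `66.129.224.37/32` (which sit outside the 164.58/156.110 ranges used elsewhere) and the `/22`, is thereby accepted on all four. Hosts that only need SSH do not need to match the syslog, FTP or Junos Space terms. Consider one prefix-list per service, plus an `annotate` comment on the list naming the owner of each external address.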
@@ -875,24 +885,6 @@
 firewall {
     family inet {
         filter PROTECT-RE {
-            term SERVICES {
-                from {
-                    source-address {
-                        129.15.127.96/28;
-                        156.110.31.0/27;
-                        156.110.31.32/28;
-                        164.58.10.0/24;
-                        164.58.253.0/24;
-                        64.207.244.14/32;
-                        66.129.224.37/32;
-                        164.58.15.0/24;
-                        164.58.244.0/22;
-                    }
-                    protocol tcp;
-                    destination-port [ ssh http ];
-                }
-                then accept;
-            }
             term OSPF-ALLOW {
                 from {
                     source-address {
@@ -925,6 +917,16 @@
                 }
                 then accept;
             }
+            term SSH-WEB-ALLOW {
+                from {
+                    source-prefix-list {
+                        ALLOWED-MGMT-SOURCES;
+                    }
+                    protocol tcp;
+                    destination-port ssh;
+                }
+                then accept;
+            }
             term FIRST-FRAG {
                 from {
                     first-fragment;
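Review bot: The term name SSH-WEB-ALLOW does not match what the term accepts: `destination-port ssh;` is the only port, whereas the removed SERVICES term accepted `[ ssh http ]`, and the DENY-SERVICES-INBOUND term added further down discards http and https. If dropping web management is intended, rename the term to `SSH-ALLOW` so the next reader does not assume the web interface is still reachable from the management sources. If it is not intended, the port list here needs the web port restored. The FIRST-FRAG term that follows continues outside the hunk.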
@@ -941,40 +943,63 @@
                     discard;
                 }
             }
-            term ICMP-ALLOW {
+            term RADIUS-ALLOW {
                 from {
-                    protocol icmp;
-                    icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+                    source-address {
+                        156.110.31.11/32;
+                    }
+                    protocol [ udp tcp ];
+                    port [ radius radacct ];
                 }
                 then accept;
             }
-            term SERVICES-OUTBOUND {
+            term NTP-ALLOW {
                 from {
-                    source-port [ domain ntp ssh syslog ftp 7804 telnet ];
+                    source-address {
+                        164.58.3.98/32;
+                    }
+                    protocol udp;
+                    port ntp;
                 }
                 then accept;
             }
-            term RADIUS {
+            term DOMAIN-ALLOW {
                 from {
                     source-address {
-                        156.110.31.11/32;
+                        164.58.253.10/32;
+                        164.58.198.10/32;
                     }
-                    protocol [ udp tcp ];
-                    port [ radius radacct ];
+                    port domain;
                 }
                 then accept;
             }
-            term NTP {
+            term SYSLOG-ALLOW {
                 from {
-                    source-address {
-                        164.58.10.1/32;
-                        164.58.199.0/24;
+                    source-prefix-list {
+                        ALLOWED-MGMT-SOURCES;
                     }
-                    protocol udp;
-                    port ntp;
+                    port syslog;
                 }
                 then accept;
             }
+            term FTP-ALLOW {
+                from {
+                    source-prefix-list {
+                        ALLOWED-MGMT-SOURCES;
+                    }
+                    port ftp;
+                }
+                then accept;
+            }
+            term JSPACE-ALLOW {
+                from {
+                    source-prefix-list {
+                        ALLOWED-MGMT-SOURCES;
+                    }
+                    source-port 7408;
+                }
+                then accept;
+            }
             term SNMP-ALLOW {
                 from {
                     source-address {
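Review bot: JSPACE-ALLOW matches `source-port 7408;` while the removed SERVICES-OUTBOUND list used `7804`, which looks like a transposed digit; if so, the term never matches and the traffic it was meant to admit would be expected to reach DENY_ALL, and `source-port 7804;` restores the old value. Separately, DOMAIN-ALLOW, SYSLOG-ALLOW, FTP-ALLOW and JSPACE-ALLOW have no `protocol` match, and the first three use `port`, which matches either source or destination. Junos does not imply a protocol from a port match, so these terms accept more than the replies they appear to be written for. Pinning each to its transport and direction narrows them to the intended traffic, e.g. `protocol udp; source-port domain;` for DNS replies, plus a `protocol tcp` term with `tcp-established` if TCP fallback is needed. The SNMP-ALLOW term at the end of the hunk continues outside it.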
@@ -990,7 +1015,6 @@
             term LDP-ALLOW {
                 from {
                     source-address {
-                        164.58.199.0/24;
                         164.58.0.0/16;
                         156.110.0.0/16;
                     }
@@ -1000,8 +1024,8 @@
             term PIM-ALLOW {
                 from {
                     source-address {
-                        164.58.199.0/24;
                         164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     protocol pim;
                 }
@@ -1011,12 +1035,20 @@
                 from {
                     source-address {
                         164.58.0.0/16;
+                        156.110.0.0/16;
                     }
                     protocol udp;
                     port [ 3784 3785 ];
                 }
                 then accept;
             }
+            term ICMP-ALLOW {
+                from {
+                    protocol icmp;
+                    icmp-type [ echo-reply echo-request unreachable time-exceeded ];
+                }
+                then accept;
+            }
             term TRACEROUTE-ALLOW {
                 from {
                     protocol udp;
@@ -1024,6 +1056,20 @@
                 }
                 then accept;
             }
+            term DENY-SERVICES-INBOUND {
+                from {
+                    destination-port [ ssh telnet http https snmp ntp domain ];
+                }
+                then {
+                    discard;
+                }
+            }
+            term SERVICES-OUTBOUND {
+                from {
+                    source-port [ ssh telnet ];
+                }
+                then accept;
+            }
             term DENY_ALL {
                 then {
                     discard;
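Review bot: SERVICES-OUTBOUND accepts on `source-port [ ssh telnet ];` alone, with no `protocol tcp`, no `tcp-established` and no source restriction, so the only thing narrowing it is the destination-port list in DENY-SERVICES-INBOUND above it. That list names seven services and leaves out others this filter handles in their own terms (ftp, syslog, radius, the Junos Space port), so the accept is wider than return traffic for sessions the router opened. Adding `protocol tcp;` and `tcp-established;` to the `from` block limits it to that return traffic. Neither DENY-SERVICES-INBOUND nor the visible part of DENY_ALL has a `count` or `syslog` action, so dropped management attempts would leave no record; DENY_ALL's body continues outside the hunk and may already carry one.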

Index: core.law.onenet.net
===================================================================
--- core.law.onenet.net	(revision 109172)
+++ core.law.onenet.net	(working copy)
@@ -474,7 +474,7 @@
 #lsi.1058664 up up
 #lsi.1058703 up up
 #lsi.1058853 up up
-#lsi.1059109 up up
+#lsi.1059118 up up
 #mtun up up
 #pimd up up
 #pime up up

Index: core1.okccc.onenet.net
===================================================================
--- core1.okccc.onenet.net	(revision 109178)
+++ core1.okccc.onenet.net	(working copy)
@@ -532,7 +532,7 @@
 #lsi.1048583 up up
 #lsi.1048584 up up
 #lsi.1048771 up up
-#lsi.1049027 up up
+#lsi.1049036 up up
 #mtun up up
 #pimd up up
 #pime up up

Index: core1.dc.onenet.net
===================================================================
--- core1.dc.onenet.net	(revision 109174)
+++ core1.dc.onenet.net	(working copy)
@@ -847,7 +847,7 @@
 #lsi.1057901 up up
 #lsi.1057961 up up
 #lsi.1057981 up up
-#lsi.1058159 up up
+#lsi.1058168 up up
 #mtun up up
 #pimd up up
 #pime up up

Index: core5.okc.onenet.net
===================================================================
--- core5.okc.onenet.net	(revision 109175)
+++ core5.okc.onenet.net	(working copy)
@@ -576,7 +576,7 @@
 #lsi.1491894 up up
 #lsi.1492062 up up
 #lsi.1492249 up up
-#lsi.1492505 up up
+#lsi.1492514 up up
 #lsi.1496838 up up
 #lsi.2010116 up up
 #mtun up up

Index: core1.lan-mx80.onenet.net
===================================================================
--- core1.lan-mx80.onenet.net	(revision 109159)
+++ core1.lan-mx80.onenet.net	(working copy)
@@ -268,7 +268,7 @@
 #lsi.1059516 up up
 #lsi.1059685 up up
 #lsi.1059872 up up
-#lsi.1060119 up up
+#lsi.1060137 up up
 #me0 up up
 #me0.0 up up
 #mtun up up

Index: core1.nor.onenet.net
===================================================================
--- core1.nor.onenet.net	(revision 109173)
+++ core1.nor.onenet.net	(working copy)
@@ -450,7 +450,7 @@
 #lsi.1056221 up up
 #lsi.1056389 up up
 #lsi.1056576 up up
-#lsi.1056832 up up
+#lsi.1056841 up up
 #mtun up up
 #pimd up up
 #pime up up

Index: core1.sti-mx960.onenet.net
===================================================================
--- core1.sti-mx960.onenet.net	(revision 109176)
+++ core1.sti-mx960.onenet.net	(working copy)
@@ -620,7 +620,7 @@
 #lsi.1067817 up up
 #lsi.1067818 up up
 #lsi.1067819 up up
-#lsi.1068075 up up
+#lsi.1068084 up up
 #mtun up up
 #pimd up up
 #pime up up

Index: hub.mia.onenet.net
===================================================================
--- hub.mia.onenet.net	(revision 109179)
+++ hub.mia.onenet.net	(working copy)
@@ -442,7 +442,7 @@
 #lsi.1053362 up up
 #lsi.1053531 up up
 #lsi.1053718 up up
-#lsi.1053974 up up
+#lsi.1053983 up up
 #mtun up up
 #pimd up up
 #pime up up

Index: opt.dps.onenet.net
===================================================================
--- opt.dps.onenet.net	(revision 86591)
+++ opt.dps.onenet.net	(working copy)
@@ -5,7 +5,7 @@
       <interface name="FAC-1-1" abbr_name="FAC-1-1" admin_state="up" spanning_tree_metric="" description="OETA" type="FAC" monitoring_state="monitor"></interface>
     </part>
     <part name="SLOT-6" description="MRC-12" hw_version="E0" part_id="MRC-12" part_num="800-24423-02" serial_number="CAT1444B152" slot="SLOT-6" vendor_id="Cisco">
-      <interface name="FAC-6-1-1" abbr_name="FAC-6-1-1" admin_state="up" spanning_tree_metric="" description="" type="FAC" monitoring_state="monitor"></interface>
+      <interface name="FAC-6-1-1" abbr_name="FAC-6-1-1" admin_state="up" spanning_tree_metric="" description="muskogee" type="FAC" monitoring_state="monitor"></interface>
       <interface name="FAC-6-4-1" abbr_name="FAC-6-4-1" admin_state="up" spanning_tree_metric="" description="OSF" type="FAC" monitoring_state="monitor"></interface>
     </part>
     <part name="SLOT-7" description="TCC2" hw_version="B0" part_id="TCC2" part_num="800-24766-09" serial_number="CAT1443B07Y" slot="SLOT-7" vendor_id="Cisco"></part>


