[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Thu Mar 6 15:01:09 CST 2014
Index: core.say.onenet.net
===================================================================
--- core.say.onenet.net (revision 111999)
+++ core.say.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SAYRE-MX480-RE0> show system commit
+# 2014-03-06 14:58:29 CST by jeremyt via cli commit synchronize
# 2014-03-03 16:09:35 CST by rnordmark via cli commit synchronize
# 2014-02-26 11:12:28 CST by andrew via netconf commit synchronize
# 2014-02-25 19:02:44 CST by rnordmark via cli commit synchronize
# 2014-02-25 13:05:12 CST by donnie via cli commit synchronize
# 2014-02-25 13:01:28 CST by joel via cli commit synchronize
-# 2014-02-24 17:56:18 CST by rnordmark via cli commit synchronize
# grnoc-mon at SAYRE-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -242,7 +242,7 @@
# grnoc-mon at SAYRE-MX480-RE0> show system uptime
# System booted: 2013-05-27 00:53 CDT
# Protocols started: 2013-05-27 00:58 CDT
-# Last configured: 2014-03-03 16:09 CST by rnordmark
+# Last configured: 2014-03-06 14:58 CST by jeremyt
#
# {master}
# grnoc-mon at SAYRE-MX480-RE0> show interface terse
@@ -314,7 +314,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SAYRE-MX480-RE0> show configuration
-## Last commit: 2014-03-03 16:09:35 CST by rnordmark
+## Last commit: 2014-03-06 14:58:29 CST by jeremyt
version 11.4R7.5;
groups {
re0 {
@@ -827,7 +827,6 @@
}
}
policy-options {
- prefix-list EBGP-IPV4-NEIGHBORS;
prefix-list ALLOWED-MGMT-SOURCES {
64.207.244.14/32;
66.129.224.37/32;
@@ -841,7 +840,41 @@
}
prefix-list PRE-LDP-SOURCES {
10.199.0.0/16;
+ 164.58.198.0/23;
+ apply-path "interfaces <*> unit <*> family inet address <*>";
}
+ prefix-list PRE-MGMT-SOURCES {
+ 64.207.244.14/32;
+ 66.129.224.37/32;
+ 129.15.127.96/28;
+ 156.110.31.0/27;
+ 156.110.31.32/28;
+ 164.58.10.0/24;
+ 164.58.15.0/24;
+ 164.58.244.0/22;
+ 164.58.253.0/24;
+ }
+ prefix-list PRE-RADIUS-SOURCES {
+ apply-path "system radius-server <*>";
+ }
+ prefix-list PRE-NTP-SOURCES {
+ apply-path "system ntp server <*>";
+ }
+ prefix-list PRE-DNS-SOURCES {
+ apply-path "system name-server <*>";
+ }
+ prefix-list PRE-SNMP-SOURCES {
+ apply-path "snmp client-list snmp-management <1*>";
+ }
+ prefix-list PRE-LOCALIPv4-SOURCES {
+ apply-path "interfaces <*> unit <*> family inet address <*>";
+ }
+ prefix-list PRE-BGP-ALLOW {
+ apply-path "protocols bgp group <*> neighbor <*>";
+ }
+ prefix-list PRE-L0-SOURCES {
+ apply-path "interfaces lo0 unit <*> family inet address <164.*>";
+ }
policy-statement LOAD-BALANCE {
then {
load-balance per-packet;
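Review bot: The `<1*>` wildcard in PRE-SNMP-SOURCES only picks up `snmp-management` client-list entries whose text begins with "1", so a poller added later from a range such as 64.x or 66.x would be in the client-list but silently missing from the filter. The three SNMP source ranges removed from SNMP-ALLOW further down all begin with 1, which suggests the pattern fits today's entries, but nothing in the config records why it is there. If the restriction is deliberate (for example to keep a catch-all entry out), a config comment on the list would save the next operator a debugging session, e.g. `/* <1*>: only client-list entries starting with "1" are copied; widen if a poller outside that range is added */`. The `<164.*>` pattern in PRE-L0-SOURCES deserves the same one-line explanation.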
@@ -1013,45 +1046,13 @@
firewall {
family inet {
filter PROTECT-RE {
- term OSPF-ALLOW {
+ term SSH-ALLOW {
from {
- source-address {
- 164.58.199.0/24;
- 164.58.0.0/16;
- 156.110.0.0/16;
- }
- protocol ospf;
- }
- then accept;
- }
- term EBGP-ALLOW {
- from {
- prefix-list {
- EBGP-IPV4-NEIGHBORS;
- }
- protocol tcp;
- port 179;
- }
- then accept;
- }
- term IBGP-ALLOW {
- from {
- source-address {
- 164.58.199.216/32;
- 164.58.199.226/32;
- }
- protocol tcp;
- port 179;
- }
- then accept;
- }
- term SSH-WEB-ALLOW {
- from {
source-prefix-list {
- ALLOWED-MGMT-SOURCES;
+ PRE-MGMT-SOURCES;
}
protocol tcp;
- destination-port [ ssh http https ];
+ destination-port ssh;
}
then accept;
}
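Review bot: SSH-ALLOW now reads its sources from PRE-MGMT-SOURCES, yet ALLOWED-MGMT-SOURCES is still defined in policy-options (it appears as context in the -827 hunk, starting with the same two /32 entries), so there are two management source lists that can drift apart. If nothing outside the visible hunks still references ALLOWED-MGMT-SOURCES it should be deleted in the same change; otherwise a comment on each list should say which one the RE filter uses. Dropping `http https` from the destination ports is a good tightening, and it is worth confirming that web management is also switched off under `system services` so the service configuration and the filter agree. PROTECT-RE continues beyond this hunk, so the terms that follow SSH-ALLOW are not all visible here.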
@@ -1071,10 +1072,29 @@
discard;
}
}
+ term OSPF-ALLOW {
+ from {
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
+ }
+ protocol ospf;
+ }
+ then accept;
+ }
+ term BGP-ALLOW {
+ from {
+ prefix-list {
+ PRE-BGP-ALLOW;
+ }
+ protocol tcp;
+ port 179;
+ }
+ then accept;
+ }
term RADIUS-ALLOW {
from {
- source-address {
- 156.110.31.11/32;
+ source-prefix-list {
+ PRE-RADIUS-SOURCES;
}
protocol [ udp tcp ];
port [ radius radacct ];
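Review bot: OSPF-ALLOW now accepts OSPF from PRE-LOCALIPv4-SOURCES, which the apply-path builds from every inet address configured on any interface, so the allowed source set becomes "all directly connected subnets" instead of the removed 164.58.0.0/16 and 156.110.0.0/16. If this router has customer- or peer-facing interfaces numbered outside those two blocks, their subnets are newly allowed to send OSPF to the routing engine; the same applies to PIM-ALLOW and BFD-ALLOW in the later hunks. Where only backbone links should carry these protocols, restrict the apply-path to the core-facing interface names rather than `<*>`, or keep a static list for this term. The relocated OSPF-ALLOW and BGP-ALLOW terms also now sit after a term that ends in `discard;`, whose match conditions are outside this hunk, so check that it cannot match OSPF or TCP/179 from legitimate neighbors.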
@@ -1083,8 +1103,9 @@
}
term NTP-ALLOW {
from {
- source-address {
- 164.58.3.98/32;
+ source-prefix-list {
+ PRE-NTP-SOURCES;
+ PRE-L0-SOURCES;
}
protocol udp;
port ntp;
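Review bot: The source lists for NTP-ALLOW, and likewise RADIUS-ALLOW, DOMAIN-ALLOW and SNMP-ALLOW, are now derived by apply-path from other stanzas, so editing `system ntp server`, `system radius-server`, `system name-server` or the SNMP client-list changes what PROTECT-RE admits without anyone touching the firewall section. That coupling is convenient but invisible, and a stanza that is emptied during maintenance leaves the term referencing an empty prefix-list; how a firewall term treats an empty list should be confirmed on this release (11.4R7.5) before relying on it. A short comment on each derived list would make the dependency explicit, for example `/* follows "system ntp server"; adding a server there opens NTP-ALLOW */`. Reviewing the expanded lists with `show configuration policy-options | display inheritance` after each commit is a cheap check that the result is what was intended.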
@@ -1093,9 +1114,8 @@
}
term DOMAIN-ALLOW {
from {
- source-address {
- 164.58.253.10/32;
- 164.58.198.10/32;
+ source-prefix-list {
+ PRE-DNS-SOURCES;
}
port domain;
}
@@ -1104,7 +1124,7 @@
term SYSLOG-ALLOW {
from {
source-prefix-list {
- ALLOWED-MGMT-SOURCES;
+ PRE-MGMT-SOURCES;
}
port syslog;
}
@@ -1113,7 +1133,7 @@
term FTP-ALLOW {
from {
source-prefix-list {
- ALLOWED-MGMT-SOURCES;
+ PRE-MGMT-SOURCES;
}
port ftp;
}
@@ -1122,7 +1142,7 @@
term JSPACE-ALLOW {
from {
source-prefix-list {
- ALLOWED-MGMT-SOURCES;
+ PRE-MGMT-SOURCES;
}
source-port 7408;
}
@@ -1130,10 +1150,8 @@
}
term SNMP-ALLOW {
from {
- source-address {
- 164.58.253.0/24;
- 156.110.31.0/27;
- 156.110.31.32/28;
+ source-prefix-list {
+ PRE-SNMP-SOURCES;
}
protocol [ tcp udp ];
port [ snmp snmptrap ];
@@ -1142,18 +1160,17 @@
}
term LDP-ALLOW {
from {
- source-address {
- 164.58.0.0/16;
- 156.110.0.0/16;
+ source-prefix-list {
+ PRE-LDP-SOURCES;
}
port ldp;
}
+ then accept;
}
term PIM-ALLOW {
from {
- source-address {
- 164.58.0.0/16;
- 156.110.0.0/16;
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
}
protocol pim;
}
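Review bot: LDP-ALLOW matches `port ldp` with no `protocol` condition, so the port comparison is applied to whatever bytes sit at the port offset of any IP protocol arriving from PRE-LDP-SOURCES, not only to TCP and UDP. Juniper's guidance is to pair every port match with an explicit protocol match; here that would be `protocol [ tcp udp ];` inside the `from` block, since LDP uses UDP for hellos and TCP for sessions. The same gap is visible in the context lines of DOMAIN-ALLOW (`port domain`), SYSLOG-ALLOW (`port syslog`), FTP-ALLOW (`port ftp`) and JSPACE-ALLOW (`source-port 7408`) in the earlier hunks. The added `then accept;` makes the term's action explicit, which is a welcome change.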
@@ -1161,9 +1178,8 @@
}
term BFD-ALLOW {
from {
- source-address {
- 164.58.0.0/16;
- 156.110.0.0/16;
+ source-prefix-list {
+ PRE-LOCALIPv4-SOURCES;
}
protocol udp;
port [ 3784 3785 ];
Index: hub.chi.onenet.net
===================================================================
--- hub.chi.onenet.net (revision 112433)
+++ hub.chi.onenet.net (working copy)
@@ -309,7 +309,7 @@
#t1-2/0/2:21 down down
#t1-2/0/2:22 down down
#t1-2/0/2:23 down down
-#t1-2/0/2:24 down up
+#t1-2/0/2:24 down down
#t1-2/0/2:25 down up
#t1-2/0/2:26 down down
#t1-2/0/2:27 down down
Index: hub.sal.onenet.net
===================================================================
--- hub.sal.onenet.net (revision 112434)
+++ hub.sal.onenet.net (working copy)
@@ -320,7 +320,7 @@
#t1-2/0/2:21.0 up up
#t1-2/0/2:22 up up
#t1-2/0/2:22.0 up up
-#t1-2/0/2:23 down down
+#t1-2/0/2:23 down up
#t1-2/0/2:23.0 up down
#t1-2/0/2:24 up down
#t1-2/0/2:25 up down