[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Fri Aug 25 22:04:47 CDT 2017
Index: configs/hub.dur.onenet.net
===================================================================
--- configs/hub.dur.onenet.net (revision 156093)
+++ configs/hub.dur.onenet.net (working copy)
@@ -433,7 +433,7 @@
#fe-2/1/1 up up
#fe-2/1/1.0 up up
#fe-2/1/2 up down
-#fe-2/1/3 down up
+#fe-2/1/3 down down
#ge-2/2/0 up up
#ge-2/2/0.0 up up
#pc-2/2/0 up up
Index: configs/lavern-public-schools.client.onenet.net
===================================================================
--- configs/lavern-public-schools.client.onenet.net (revision 156093)
+++ configs/lavern-public-schools.client.onenet.net (working copy)
@@ -110,7 +110,7 @@
#
# grnoc-mon at LAVERN-PUBLIC-SCHOOLS-TAG-004351> show interface terse
#Interface Admin Link
-#ge-0/0/0 down down
+#ge-0/0/0 down up
#gr-0/0/0 up up
#ip-0/0/0 up up
#lsq-0/0/0 up up
Index: configs/stringtown-high-school.client.onenet.net
===================================================================
--- configs/stringtown-high-school.client.onenet.net (revision 156075)
+++ configs/stringtown-high-school.client.onenet.net (working copy)
@@ -691,6 +691,7 @@
# OSPF instance is not running
#
# grnoc-mon at STRINGTOWN-HIGH-SCHOOL-TAG-004909> show bfd session
+quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156086)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show system commit
+# 2017-08-25 21:45:45 CDT by joel via cli commit confirmed, rollback in 5mins
+# 2017-08-25 21:25:00 CDT by joel via cli commit confirmed, rollback in 5mins
+# 2017-08-25 21:15:17 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-08-25 14:05:39 CDT by root via other
# 2017-08-25 12:31:00 CDT by joel via cli
# 2017-08-25 12:29:55 CDT by andrew via cli
-# 2017-08-25 12:24:37 CDT by joel via cli
-# 2017-08-25 12:20:41 CDT by joel via cli
-# 2017-08-25 10:58:22 CDT by joel via cli
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -133,7 +133,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-25 14:03 CDT
# Protocols started: 2017-08-25 14:03 CDT
-# Last configured: 2017-08-25 14:05 CDT by root
+# Last configured: 2017-08-25 21:45 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show interface terse
#Interface Admin Link
@@ -194,7 +194,7 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-TAG-005231> show configuration
-## Last commit: 2017-08-25 14:05:39 CDT by root
+## Last commit: 2017-08-25 21:45:45 CDT by joel
version 15.1X49-D90.7;
groups {
DENY-ALL-ELSE {
@@ -725,6 +725,20 @@
address ABUSE-216.58.208.206 216.58.208.206/32;
address ABUSE-8.248.181.254 8.248.181.254/32;
address ABUSE-74.125.206.103 74.125.206.103/32;
+ address ABUSE-66.96.133.9 66.96.133.9/32;
+ address ABUSE-174.123.38.58 174.123.38.58/32;
+ address ABUSE-61.221.12.26 61.221.12.26/32;
+ address ABUSE-67.222.137.18 67.222.137.18/32;
+ address ABUSE-107.6.152.61 107.6.152.61/32;
+ address ABUSE-193.111.140.236 193.111.140.236/32;
+ address ABUSE-178.218.214.138 178.218.214.138/32;
+ address ABUSE-185.162.8.190 185.162.8.190/32;
+ address ABUSE-158.255.2.138 158.255.2.138/32;
+ address ABUSE-162.144.0.102 162.144.0.102/32;
+ address ABUSE-67.210.118.90 67.210.118.90/32;
+ address ABUSE-212.23.0.100 212.23.0.100/32;
+ address ABUSE-64.90.40.26 64.90.40.26/32;
+ address ABUSE-162.252.172.79 162.252.172.79/32;
address-set VERIZON-STATIC-FT-SILL-1 {
description "Fort Sill MP Static IPs for CAD Access";
address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
@@ -898,6 +912,20 @@
address ABUSE-216.58.208.206;
address ABUSE-8.248.181.254;
address ABUSE-74.125.206.103;
+ address ABUSE-66.96.133.9;
+ address ABUSE-174.123.38.58;
+ address ABUSE-61.221.12.26;
+ address ABUSE-67.222.137.18;
+ address ABUSE-107.6.152.61;
+ address ABUSE-193.111.140.236;
+ address ABUSE-178.218.214.138;
+ address ABUSE-185.162.8.190;
+ address ABUSE-158.255.2.138;
+ address ABUSE-162.144.0.102;
+ address ABUSE-67.210.118.90;
+ address ABUSE-212.23.0.100;
+ address ABUSE-64.90.40.26;
+ address ABUSE-162.252.172.79;
}
address-set TOPCON-GPS {
address TOPCON-GPS-148.77.41.22;
@@ -970,7 +998,7 @@
156.110.87.207/32;
}
}
- rule-set TRUST-TO-UNTRUST-NAT {
+ inactive: rule-set TRUST-TO-UNTRUST-NAT {
from zone TRUST;
to zone UNTRUST;
rule MS-EXCHANGE-DAG-OUTSIDE {
@@ -1066,7 +1094,7 @@
}
}
static {
- rule-set STATIC-NAT {
+ inactive: rule-set STATIC-NAT {
from zone UNTRUST;
rule NAT-TO-CITY-OF {
match {
@@ -1275,7 +1303,7 @@
}
policies {
from-zone UNTRUST to-zone UNTRUST {
- policy ABUSE-DENY {
+ policy ABUSE-SOURCE-DENY {
match {
source-address ABUSE;
destination-address any;
@@ -1288,6 +1316,19 @@
}
}
}
+ policy ABUSE-DESTINATION-DENY {
+ match {
+ source-address any;
+ destination-address ABUSE;
+ application any;
+ }
+ then {
+ deny;
+ log {
+ session-init;
+ }
+ }
+ }
policy ALLOW-UNTRUST-TO-UNTRUST {
match {
source-address any;
@@ -1300,6 +1341,19 @@
}
}
from-zone TRUST to-zone UNTRUST {
+ policy ABUSE-DENY {
+ match {
+ source-address any;
+ destination-address ABUSE;
+ application any;
+ }
+ then {
+ deny;
+ log {
+ session-init;
+ }
+ }
+ }
policy TRUST-TO-UNTRUST {
match {
source-address any;
@@ -1530,6 +1584,19 @@
}
}
from-zone UNTRUST to-zone DMZ {
+ policy ABUSE-DENY {
+ match {
+ source-address ABUSE;
+ destination-address any;
+ application any;
+ }
+ then {
+ deny;
+ log {
+ session-init;
+ }
+ }
+ }
policy ALLOW-HTTP-TO-SERVER-GISWEB {
description "permit tcp any object Server-GISWeb eq www";
match {
@@ -1603,6 +1670,19 @@
}
}
from-zone DMZ to-zone UNTRUST {
+ policy ABUSE-DENY {
+ match {
+ source-address any;
+ destination-address ABUSE;
+ application any;
+ }
+ then {
+ deny;
+ log {
+ session-init;
+ }
+ }
+ }
policy ALLOW-GISWEB-to-ESRI-for-LICENSING {
match {
source-address SERVER-GISWEB-INSIDE-192.168.100.86;
@@ -1712,6 +1792,19 @@
}
}
from-zone E911 to-zone UNTRUST {
+ policy ABUSE-DENY {
+ match {
+ source-address any;
+ destination-address ABUSE;
+ application any;
+ }
+ then {
+ deny;
+ log {
+ session-init;
+ }
+ }
+ }
policy E911-TO-UNTRUST {
match {
source-address any;
More information about the Nocrancid
mailing list