[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Fri Sep 8 13:04:55 CDT 2017
Index: configs/core.dur.onenet.net
===================================================================
--- configs/core.dur.onenet.net (revision 156424)
+++ configs/core.dur.onenet.net (working copy)
@@ -2811,12 +2811,12 @@
Address State Interface Time Interval Multiplier
164.58.244.102 Up ge-0/3/2.0 1.200 0.400 3
164.58.244.182 Up ge-0/2/0.0 1.200 0.400 3
-164.58.244.209 Up ge-0/3/6.42 1.200 0.400 3
+164.58.244.209 Up ge-0/3/6.42 6.000 2.000 3
164.58.244.234 Up ge-0/3/1.200 1.200 0.400 3
164.58.246.21 Up xe-0/0/0.69 1.200 0.400 3
164.58.246.81 Up ge-0/2/2.42 1.200 0.400 3
6 sessions, 6 clients
-Cumulative transmit rate 15.0 pps, cumulative receive rate 15.0 pps
+Cumulative transmit rate 13.0 pps, cumulative receive rate 13.0 pps
{master}
Index: configs/core.wil.onenet.net
===================================================================
--- configs/core.wil.onenet.net (revision 156424)
+++ configs/core.wil.onenet.net (working copy)
@@ -358,12 +358,12 @@
# drwxrwxrwx 2 root wheel 512 Jul 11 2012 install/
# -rw-r--r-- 1 eng field 761060262 Mar 12 2016 jinstall-13.3R8.7-domestic-signed.tgz
# drwxrwxrwx 2 root wheel 512 Jul 11 2012 pics/
-# -rw-r--r-- 1 root wheel 4148 Mar 12 12:39 ppe_trap_fpc0_LU_1_00.0
+# -rw-r--r-- 1 root wheel 4148 Mar 12 2017 ppe_trap_fpc0_LU_1_00.0
# -r--r--r-- 1 root field 612 Mar 13 2016 preinstall_boot_loader.conf
# drwxr-xr-x 2 root field 512 Mar 13 2016 rtsdb/
# -rw-r----- 1 root field 356 Mar 13 2016 sampled.pkts
# drwxr-xr-x 3 root field 512 Jun 25 2012 sec-download/
-# -rw-r--r-- 1 root wheel 40061 Mar 12 12:39 ttrace_fpc0_LU_1_00.0
+# -rw-r--r-- 1 root wheel 40061 Mar 12 2017 ttrace_fpc0_LU_1_00.0
# drwxrwxrwt 2 root wheel 512 Jun 25 2012 vi.recover/
# total files: 6
#
Index: configs/perkins-tyron-ps.client.onenet.net
===================================================================
--- configs/perkins-tyron-ps.client.onenet.net (revision 156444)
+++ configs/perkins-tyron-ps.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at PERKINS-TYRON-PS-LR-005436> show system commit
+# 2017-09-08 12:11:34 CDT by sky via cli
+# 2017-09-08 12:08:38 CDT by sky via cli
# 2017-09-08 11:16:48 CDT by admin via cli
# 2017-09-08 11:15:03 CDT by admin via cli
# 2017-09-08 11:10:40 CDT by admin via cli
# 2017-09-07 18:11:00 CDT by root via cli
-# 2017-09-07 18:07:29 CDT by root via cli
-# 2017-08-22 10:12:36 CDT by root via other
# grnoc-mon at PERKINS-TYRON-PS-LR-005436> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -133,7 +133,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-09-08 10:57 CDT
# Protocols started: 2017-09-08 10:57 CDT
-# Last configured: 2017-09-08 11:16 CDT by admin
+# Last configured: 2017-09-08 12:11 CDT by sky
#
# grnoc-mon at PERKINS-TYRON-PS-LR-005436> show interface terse
#Interface Admin Link
@@ -191,7 +191,7 @@
#vlan up down
#vtep up up
# grnoc-mon at PERKINS-TYRON-PS-LR-005436> show configuration
-## Last commit: 2017-09-08 11:16:48 CDT by admin
+## Last commit: 2017-09-08 12:11:34 CDT by sky
version 15.1X49-D90.7;
system {
host-name PERKINS-TYRON-PS-LR-005436;
@@ -685,7 +685,7 @@
10.10.0.6;
}
router {
- 10.10.0.1;
+ 10.10.0.254;
}
}
}
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156444)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-005231> show system commit
+# 2017-09-08 12:34:32 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-09-08 11:48:16 CDT by joel via cli
# 2017-09-08 11:23:36 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-09-08 11:07:31 CDT by joel via cli
# 2017-09-07 23:27:33 CDT by joel via cli
# 2017-09-07 23:22:23 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-09-07 22:29:43 CDT by joel via cli
# grnoc-mon at CITY-OF-LAWTON-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -135,7 +135,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-25 14:03 CDT
# Protocols started: 2017-08-25 14:03 CDT
-# Last configured: 2017-09-08 11:48 CDT by joel
+# Last configured: 2017-09-08 12:34 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-005231> show interface terse
#Interface Admin Link
@@ -230,9 +230,30 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-005231> show configuration
-## Last commit: 2017-09-08 11:48:16 CDT by joel
+## Last commit: 2017-09-08 12:34:32 CDT by joel
version 15.1X49-D90.7;
groups {
+ ABUSE-DENY {
+ security {
+ policies {
+ from-zone <*> to-zone UNTRUST {
+ policy ABUSE-DENY {
+ match {
+ source-address <*>;
+ destination-address ABUSE;
+ application any;
+ }
+ then {
+ deny;
+ log {
+ session-init;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
BASTION-HOSTS {
security {
policies {
@@ -1010,7 +1031,6 @@
address ABUSE-86.27.41.234 86.27.41.234/32;
address ABUSE-91.93.4.222 91.93.4.222/32;
address ABUSE-50.101.245.7 50.101.245.7/32;
- address E911-172.16.26.0 172.16.26.0/23;
address SERVERS-172.16.0.0/16 172.16.0.0/12;
address ABUSE-77.244.245.37 77.244.245.37/32;
address ABUSE-216.58.208.206 216.58.208.206/32;
@@ -1083,6 +1103,8 @@
}
address MAIL-NETWORK-234-10.200.0.0/23 10.200.0.0/24;
address HONEYPOT-10.0.0.0/24 10.0.0.0/24;
+ address DMZ-192.168.100.0/24 192.168.100.0/24;
+ address E911-172.16.26.0/23 172.16.26.0/23;
address-set VERIZON-STATIC-FT-SILL-1 {
description "Fort Sill MP Static IPs for CAD Access";
address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
@@ -2059,18 +2081,11 @@
}
}
from-zone DMZ to-zone UNTRUST {
+ apply-groups ABUSE-DENY;
policy ABUSE-DENY {
match {
- source-address any;
- destination-address ABUSE;
- application any;
+ source-address DMZ-192.168.100.0/24;
}
- then {
- deny;
- log {
- session-init;
- }
- }
}
policy ALLOW-GISWEB-to-ESRI-for-LICENSING {
match {
@@ -2181,18 +2196,11 @@
}
}
from-zone E911 to-zone UNTRUST {
+ apply-groups ABUSE-DENY;
policy ABUSE-DENY {
match {
- source-address any;
- destination-address ABUSE;
- application any;
+ source-address E911-172.16.26.0/23;
}
- then {
- deny;
- log {
- session-init;
- }
- }
}
policy E911-TO-UNTRUST {
match {
@@ -2242,7 +2250,12 @@
}
}
from-zone TR-0100-USERS to-zone UNTRUST {
- apply-groups COMMON-APPLICATIONS;
+ apply-groups [ COMMON-APPLICATIONS ABUSE-DENY ];
+ policy ABUSE-DENY {
+ match {
+ source-address TR-0100-USERS-10.1.0.0/16;
+ }
+ }
policy COMMON-APPLICATIONS {
match {
source-address TR-0100-USERS-10.1.0.0/16;
@@ -2402,6 +2415,12 @@
}
}
from-zone TRUST to-zone UNTRUST {
+ apply-groups ABUSE-DENY;
+ policy ABUSE-DENY {
+ match {
+ source-address TRUST-172.16.0.0/12;
+ }
+ }
policy BLOCK-OUTBOUND-TRAFFIC {
match {
source-address SERVER-FINMGMT-172.16.1.222;
@@ -2509,6 +2528,12 @@
}
}
from-zone MAIL-NETWORK-234 to-zone UNTRUST {
+ apply-groups ABUSE-DENY;
+ policy ABUSE-DENY {
+ match {
+ source-address MAIL-NETWORK-234-10.200.0.0/23;
+ }
+ }
policy MAIL-NETWORK-234-TO-LAWTON-DC {
match {
source-address MAIL-NETWORK-234-10.200.0.0/23;
Index: configs/core.ida.onenet.net
===================================================================
--- configs/core.ida.onenet.net (revision 156398)
+++ configs/core.ida.onenet.net (working copy)
@@ -2290,10 +2290,10 @@
Detect Transmit
Address State Interface Time Interval Multiplier
164.58.244.190 Up ge-0/2/0.0 1.200 0.400 3
-164.58.244.208 Up ge-0/2/4.42 1.200 0.400 3
+164.58.244.208 Up ge-0/2/4.42 6.000 2.000 3
164.58.244.233 Up ge-0/2/2.0 6.000 0.400 3
3 sessions, 3 clients
-Cumulative transmit rate 7.5 pps, cumulative receive rate 5.5 pps
+Cumulative transmit rate 5.5 pps, cumulative receive rate 3.5 pps
{master}
More information about the Nocrancid
mailing list