[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Sat Sep 9 13:05:04 CDT 2017
Index: configs/city-of-lawton.client.onenet.net
===================================================================
--- configs/city-of-lawton.client.onenet.net (revision 156448)
+++ configs/city-of-lawton.client.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CITY-OF-LAWTON-005231> show system commit
+# 2017-09-09 12:47:26 CDT by joel via cli
+# 2017-09-09 12:24:36 CDT by joel via cli
+# 2017-09-09 12:20:21 CDT by joel via cli commit confirmed, rollback in 5mins
# 2017-09-08 15:56:50 CDT by sky via cli
# 2017-09-08 15:55:36 CDT by sky via cli
# 2017-09-08 12:34:32 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-09-08 11:48:16 CDT by joel via cli
-# 2017-09-08 11:23:36 CDT by joel via cli commit confirmed, rollback in 5mins
-# 2017-09-08 11:07:31 CDT by joel via cli
# grnoc-mon at CITY-OF-LAWTON-005231> show chassis environment
# Class Item Status Measurement
# Temp Routing Engine OK
@@ -135,7 +135,7 @@
# Time Source: NTP CLOCK
# System booted: 2017-08-25 14:03 CDT
# Protocols started: 2017-08-25 14:03 CDT
-# Last configured: 2017-09-08 15:56 CDT by sky
+# Last configured: 2017-09-09 12:47 CDT by joel
#
# grnoc-mon at CITY-OF-LAWTON-005231> show interface terse
#Interface Admin Link
@@ -230,7 +230,7 @@
#vlan up down
#vtep up up
# grnoc-mon at CITY-OF-LAWTON-005231> show configuration
-## Last commit: 2017-09-08 15:56:50 CDT by sky
+## Last commit: 2017-09-09 12:47:26 CDT by joel
version 15.1X49-D90.7;
groups {
ABUSE-DENY {
@@ -251,6 +251,21 @@
}
}
}
+ from-zone UNTRUST to-zone <*> {
+ policy ABUSE-DENY {
+ match {
+ source-address ABUSE;
+ destination-address <*>;
+ application any;
+ }
+ then {
+ deny;
+ log {
+ session-init;
+ }
+ }
+ }
+ }
}
}
}
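Review bot: The inbound `ABUSE-DENY` template added to the group only takes effect on zone pairs that list `apply-groups ABUSE-DENY`, and in this diff only `from-zone UNTRUST to-zone MAIL-NETWORK-234` gains that line. Other UNTRUST-sourced zone pairs are not visible here, including the one that held the now-inactive `ALLOW-REMOTE-EXCHANGE-MAIL`, so it is worth confirming that each pair exposing a service applies the group too. Logging `session-init` on the deny is the right choice, since a denied flow never produces a close record. The group and the enclosing `policies` block start and end outside the hunk.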
@@ -1101,10 +1116,12 @@
description Server-EX2;
10.200.0.62/32;
}
- address MAIL-NETWORK-234-10.200.0.0/23 10.200.0.0/24;
+ address MAIL-NETWORK-234-10.200.0.0/24 10.200.0.0/24;
address HONEYPOT-10.0.0.0/24 10.0.0.0/24;
address DMZ-192.168.100.0/24 192.168.100.0/24;
address E911-172.16.26.0/23 172.16.26.0/23;
+ address SERVER-EXCHANGE-DAG-VIP-10.200.0.63 10.200.0.63/32;
+ address ABUSE-97.107.142.250 97.107.142.250/32;
address-set VERIZON-STATIC-FT-SILL-1 {
description "Fort Sill MP Static IPs for CAD Access";
address VERIZON-STATIC-FT-SILL-1-166.148.145.240;
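Review bot: The new `ABUSE-97.107.142.250` entry records nothing about why or when the address was blocked, so nobody can later tell whether it is safe to age it out of the ABUSE set. The `Server-EX2` entry just above appears to use the braced form with a `description`; the same form would fit here, e.g. `address ABUSE-97.107.142.250 { description "<ticket / reason / date added>"; 97.107.142.250/32; }`. The same applies to `SERVER-EXCHANGE-DAG-VIP-10.200.0.63`, which the policy later in the diff calls temporary. The address book starts and ends outside the hunk.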
@@ -1292,6 +1309,7 @@
address ABUSE-212.23.0.100;
address ABUSE-64.90.40.26;
address ABUSE-162.252.172.79;
+ address ABUSE-97.107.142.250;
}
address-set TOPCON-GPS {
address TOPCON-GPS-148.77.41.22;
@@ -1398,7 +1416,7 @@
}
}
}
- rule MS-EXCHANGE-DAG-OUTSIDE {
+ inactive: rule MS-EXCHANGE-DAG-OUTSIDE {
match {
source-address [ 172.16.1.180/32 172.16.1.176/32 172.16.1.177/32 ];
}
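Review bot: Marking `MS-EXCHANGE-DAG-OUTSIDE` as `inactive:` leaves the old rule in the configuration with no record of why it was parked or whether it should come back. The same goes for `NAT-MS-EXCHANGE-DAG` and the original `ALLOW-REMOTE-EXCHANGE-MAIL` policy in the later hunks. Reactivating `NAT-MS-EXCHANGE-DAG` while the new static rule for 156.110.87.203 is still present would leave two rules matching the same destination, so the three statements should be tracked as one change. Add a `/* ... */` annotation naming the change record, or delete them once the migration is final. The diff does not show which rule now translates traffic from the three 172.16.1.x sources, and that should be confirmed. The rule body continues past the hunk.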
@@ -1558,7 +1576,7 @@
}
}
}
- rule NAT-MS-EXCHANGE-DAG {
+ inactive: rule NAT-MS-EXCHANGE-DAG {
match {
destination-address 156.110.87.203/32;
}
@@ -1570,6 +1588,18 @@
}
}
}
+ rule MAIL-NETWORK-234-EXCHANGE-DAG {
+ match {
+ destination-address 156.110.87.203/32;
+ }
+ then {
+ static-nat {
+ prefix {
+ 10.200.0.63/32;
+ }
+ }
+ }
+ }
rule NAT-SSTD-GPS-CONTROLLER {
match {
destination-address 156.110.87.209/32;
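Review bot: `MAIL-NETWORK-234-EXCHANGE-DAG` drops the `NAT-` prefix that the neighbouring rules (`NAT-MS-EXCHANGE-DAG`, `NAT-SSTD-GPS-CONTROLLER`) carry. Nothing on the rule marks it as the temporary mapping that the policy description later in the diff says it is. A name such as `NAT-EXCHANGE-DAG-TEMP` (constructed example) would keep it sorted with its siblings and make the intent visible in `show security nat static rule all`. A static mapping covers the whole address rather than individual ports, so the security policy for 10.200.0.63 is the only control limiting what reaches the host. The rule-set starts and ends outside the hunk.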
@@ -1902,7 +1932,7 @@
permit;
}
}
- policy ALLOW-REMOTE-EXCHANGE-MAIL {
+ inactive: policy ALLOW-REMOTE-EXCHANGE-MAIL {
description "Email access from the outside to the MS Exchange DAG";
match {
source-address any;
@@ -2516,27 +2546,48 @@
}
}
from-zone UNTRUST to-zone MAIL-NETWORK-234 {
+ apply-groups ABUSE-DENY;
+ policy ABUSE-DENY {
+ match {
+ destination-address MAIL-NETWORK-234-10.200.0.0/24;
+ }
+ }
policy NAT-EXEMPT-MAIL-NETWORK-234 {
match {
source-address NAT-EXEMPT-ACTIVE-DIRECTORY-164.58.2.192/28;
- destination-address MAIL-NETWORK-234-10.200.0.0/23;
+ destination-address MAIL-NETWORK-234-10.200.0.0/24;
application any;
}
then {
permit;
}
}
+ policy ALLOW-REMOTE-EXCHANGE-MAIL {
+ description "Email access from the outside to the TEMPORARY MS Exchange DAG";
+ match {
+ source-address any;
+ destination-address SERVER-EXCHANGE-DAG-VIP-10.200.0.63;
+ application [ junos-https junos-smtp ];
+ }
+ then {
+ permit;
+ log {
+ session-init;
+ session-close;
+ }
+ }
+ }
}
from-zone MAIL-NETWORK-234 to-zone UNTRUST {
apply-groups ABUSE-DENY;
policy ABUSE-DENY {
match {
- source-address MAIL-NETWORK-234-10.200.0.0/23;
+ source-address MAIL-NETWORK-234-10.200.0.0/24;
}
}
policy MAIL-NETWORK-234-TO-LAWTON-DC {
match {
- source-address MAIL-NETWORK-234-10.200.0.0/23;
+ source-address MAIL-NETWORK-234-10.200.0.0/24;
destination-address NAT-EXEMPT-ACTIVE-DIRECTORY-164.58.2.192/28;
application any;
}
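Review bot: The re-created `ALLOW-REMOTE-EXCHANGE-MAIL` permits `source-address any` to the DAG VIP on `junos-https` and `junos-smtp`, and its description says TEMPORARY without saying until when or under which change record. I would put that in the text, e.g. `description "TEMPORARY MS Exchange DAG access - <ticket>, remove by <date>";`, so the permit does not outlive the migration unnoticed. The ordering is good: the `ABUSE-DENY` stub sits first in the zone pair, so listed sources are dropped before either permit is evaluated. `MAIL-NETWORK-234-TO-LAWTON-DC` at the end of the hunk continues past it.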
Index: configs/maysville-hs.client.onenet.net
===================================================================
--- configs/maysville-hs.client.onenet.net (revision 156468)
+++ configs/maysville-hs.client.onenet.net (working copy)
@@ -612,7 +612,6 @@
# OSPF instance is not running
#
# grnoc-mon at MAYSVILLE-HS-LEASED-ASSET-TAG-004887> show bfd session
-quit
0 sessions, 0 clients
Cumulative transmit rate 0.0 pps, cumulative receive rate 0.0 pps