Changes for page Exemplo de BGP config

Last modified by Jean Franco on 2024/06/09 20:43

From version 1.1 >

edited by Jean Franco
on 2024/06/09 20:41

To version < 1.2

edited by Jean Franco
on 2024/06/09 20:43

Change comment: Added comment

Raw
Rendered

Summary

Objects (0 modified, 1 added, 0 removed)
- XWiki.XWikiComments[0]

Details

XWiki.XWikiComments[0]

Author

...	...	@@ -1,0 +1,1 @@
	1	+XWiki.jfranco

Comment

@@ -1,0 +1,159 @@
++Os comandos usados para executar a config acima:
++
++set policy prefix-list BGP
++
++set policy prefix-list EXPORT rule 10 action permit
++
++set policy prefix-list EXPORT rule 10 prefix 38.x.x.0/24
++
++set policy prefix-list IMPORT rule 20 action permit
++
++set policy prefix-list IMPORT rule 20 prefix 0.0.0.0/0
++
++
++set protocols bgp 5XXX1 neighbor 38.x.x.125 description 'COGENT AS Neighbor'
++
++set protocols bgp 5XXX1 neighbor 38.x.x.125 prefix-list export EXPORT
++
++set protocols bgp 5XXX1 neighbor 38.x.x.125 prefix-list import IMPORT
++
++set protocols bgp 5XXX1 neighbor 38.x.x.125 remote-as 174
++
++set protocols bgp 5XXX1 neighbor 38.x.x.125 soft-reconfiguration inbound
++
++set protocols bgp 5XXX1 neighbor 144.x.x.229 description 'LIGHTOWER AS Neighbor'
++
++set protocols bgp 5XXX1 neighbor 144.x.x.229 prefix-list export EXPORT
++
++set protocols bgp 5XXX1 neighbor 144.x.x.229 prefix-list import IMPORT
++
++set protocols bgp 5XXX1 neighbor 144.x.x.229 remote-as 46887
++
++set protocols bgp 5XXX1 neighbor 144.x.x.229 soft-reconfiguration inbound
++
++set protocols bgp 5XXX1 network 38.x.x.0/24
++
++set protocols static route 38.x.x.0/24 blackhole
++
++
++
++<these commands were used to restrict access to the interfaces of the bgp router while allowing ping and bgp>
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 38.x.x.0/24
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 38.x.x.128/26
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 38.x.x.0/24
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 10.x.x.0/24
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 10.x.x.0/24
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 172.x.x.0/24
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 10.x.x.0/24
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 10.x.x.0/24
++
++set firewall group network-group ALLOWED_ADMIN_GROUP network 96.x.x.2/32
++
++
++set firewall name REMOTE_ACCESS default-action drop
++
++set firewall name REMOTE_ACCESS description 'IPv4 inbound traffic to the router'
++
++set firewall name REMOTE_ACCESS enable-default-log
++
++
++set firewall name REMOTE_ACCESS rule 5 action accept
++
++set firewall name REMOTE_ACCESS rule 5 description 'Allow Established'
++
++set firewall name REMOTE_ACCESS rule 5 log disable
++
++set firewall name REMOTE_ACCESS rule 5 protocol all
++
++set firewall name REMOTE_ACCESS rule 5 state established enable
++
++set firewall name REMOTE_ACCESS rule 5 state related enable
++
++
++set firewall name REMOTE_ACCESS rule 10 action accept
++
++set firewall name REMOTE_ACCESS rule 10 description 'Allow BGP'
++
++set firewall name REMOTE_ACCESS rule 10 log disable
++
++set firewall name REMOTE_ACCESS rule 10 destination port 179
++
++set firewall name REMOTE_ACCESS rule 10 protocol tcp
++
++
++set firewall name REMOTE_ACCESS rule 20 action accept
++
++set firewall name REMOTE_ACCESS rule 20 description 'Allow ICMP'
++
++set firewall name REMOTE_ACCESS rule 20 log disable
++
++set firewall name REMOTE_ACCESS rule 20 protocol icmp
++
++
++set firewall name REMOTE_ACCESS rule 30 action accept
++
++set firewall name REMOTE_ACCESS rule 30 description 'Allow SNMP'
++
++set firewall name REMOTE_ACCESS rule 30 destination port 161
++
++set firewall name REMOTE_ACCESS rule 30 protocol udp
++
++set firewall name REMOTE_ACCESS rule 30 log disable
++
++set firewall name REMOTE_ACCESS rule 30 source group network-group ALLOWED_ADMIN_GROUP
++
++
++set firewall name REMOTE_ACCESS rule 40 action accept
++
++set firewall name REMOTE_ACCESS rule 40 description 'Allow SSH'
++
++set firewall name REMOTE_ACCESS rule 40 destination port 22
++
++set firewall name REMOTE_ACCESS rule 40 protocol tcp
++
++set firewall name REMOTE_ACCESS rule 40 log disable
++
++set firewall name REMOTE_ACCESS rule 40 source group network-group ALLOWED_ADMIN_GROUP
++
++
++set firewall name REMOTE_ACCESS rule 50 action accept
++
++set firewall name REMOTE_ACCESS rule 50 description 'Allow HTTPS'
++
++set firewall name REMOTE_ACCESS rule 50 destination port 443
++
++set firewall name REMOTE_ACCESS rule 50 protocol tcp
++
++set firewall name REMOTE_ACCESS rule 50 log disable
++
++set firewall name REMOTE_ACCESS rule 50 source group network-group ALLOWED_ADMIN_GROUP
++
++
++set firewall name REMOTE_ACCESS rule 60 action accept
++
++set firewall name REMOTE_ACCESS rule 60 description 'Allow HTTP'
++
++set firewall name REMOTE_ACCESS rule 60 destination port 80
++
++set firewall name REMOTE_ACCESS rule 60 protocol tcp
++
++set firewall name REMOTE_ACCESS rule 60 log disable
++
++set firewall name REMOTE_ACCESS rule 60 source group network-group ALLOWED_ADMIN_GROUP
++
++
++set interfaces ethernet eth0 firewall local name REMOTE_ACCESS
++
++set interfaces ethernet eth1 firewall local name REMOTE_ACCESS
++
++set interfaces ethernet eth2 firewall local name REMOTE_ACCESS
++
++set interfaces ethernet eth3 firewall local name REMOTE_ACCESS

Date

...	...	@@ -1,0 +1,1 @@
	1	+2024-06-09 20:43:22.423

Applications

More applications

Maila Networks

XWiki Debian 14.4.1

Changes for page Exemplo de BGP config

Summary

Details

Applications

Navigation