Changes for page Exemplo de BGP config
Last modified by Jean Franco on 2024/06/09 20:43
edited by Jean Franco
on 2024/06/09 20:43
edited by Jean Franco
on 2024/06/09 20:41
Change comment:
There is no comment for this version
Summary
-
Objects (0 modified, 0 added, 1 removed)
Details
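--- a/XWiki.XWikiComments[0]
+++ b/XWiki.XWikiComments[0]
@@ -1,1 +1,0 @@ Author
-XWiki.jfranco
@@ -1,159 +1,0 @@ Comment
-Os comandos usados para executar a config acima:
-
-set policy prefix-list BGP
-
-set policy prefix-list EXPORT rule 10 action permit
-
-set policy prefix-list EXPORT rule 10 prefix 38.x.x.0/24
-
-set policy prefix-list IMPORT rule 20 action permit
-
-set policy prefix-list IMPORT rule 20 prefix 0.0.0.0/0
-
-
-set protocols bgp 5XXX1 neighbor 38.x.x.125 description 'COGENT AS Neighbor'
-
-set protocols bgp 5XXX1 neighbor 38.x.x.125 prefix-list export EXPORT
-
-set protocols bgp 5XXX1 neighbor 38.x.x.125 prefix-list import IMPORT
-
-set protocols bgp 5XXX1 neighbor 38.x.x.125 remote-as 174
-
-set protocols bgp 5XXX1 neighbor 38.x.x.125 soft-reconfiguration inbound
-
-set protocols bgp 5XXX1 neighbor 144.x.x.229 description 'LIGHTOWER AS Neighbor'
-
-set protocols bgp 5XXX1 neighbor 144.x.x.229 prefix-list export EXPORT
-
-set protocols bgp 5XXX1 neighbor 144.x.x.229 prefix-list import IMPORT
-
-set protocols bgp 5XXX1 neighbor 144.x.x.229 remote-as 46887
-
-set protocols bgp 5XXX1 neighbor 144.x.x.229 soft-reconfiguration inbound
-
-set protocols bgp 5XXX1 network 38.x.x.0/24
-
-set protocols static route 38.x.x.0/24 blackhole
-
-
-
-<these commands were used to restrict access to the interfaces of the bgp router while allowing ping and bgp>
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 38.x.x.0/24
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 38.x.x.128/26
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 38.x.x.0/24
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 10.x.x.0/24
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 10.x.x.0/24
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 172.x.x.0/24
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 10.x.x.0/24
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 10.x.x.0/24
-
-set firewall group network-group ALLOWED_ADMIN_GROUP network 96.x.x.2/32
-
-
-set firewall name REMOTE_ACCESS default-action drop
-
-set firewall name REMOTE_ACCESS description 'IPv4 inbound traffic to the router'
-
-set firewall name REMOTE_ACCESS enable-default-log
-
-
-set firewall name REMOTE_ACCESS rule 5 action accept
-
-set firewall name REMOTE_ACCESS rule 5 description 'Allow Established'
-
-set firewall name REMOTE_ACCESS rule 5 log disable
-
-set firewall name REMOTE_ACCESS rule 5 protocol all
-
-set firewall name REMOTE_ACCESS rule 5 state established enable
-
-set firewall name REMOTE_ACCESS rule 5 state related enable
-
-
-set firewall name REMOTE_ACCESS rule 10 action accept
-
-set firewall name REMOTE_ACCESS rule 10 description 'Allow BGP'
-
-set firewall name REMOTE_ACCESS rule 10 log disable
-
-set firewall name REMOTE_ACCESS rule 10 destination port 179
-
-set firewall name REMOTE_ACCESS rule 10 protocol tcp
-
-
-set firewall name REMOTE_ACCESS rule 20 action accept
-
-set firewall name REMOTE_ACCESS rule 20 description 'Allow ICMP'
-
-set firewall name REMOTE_ACCESS rule 20 log disable
-
-set firewall name REMOTE_ACCESS rule 20 protocol icmp
-
-
-set firewall name REMOTE_ACCESS rule 30 action accept
-
-set firewall name REMOTE_ACCESS rule 30 description 'Allow SNMP'
-
-set firewall name REMOTE_ACCESS rule 30 destination port 161
-
-set firewall name REMOTE_ACCESS rule 30 protocol udp
-
-set firewall name REMOTE_ACCESS rule 30 log disable
-
-set firewall name REMOTE_ACCESS rule 30 source group network-group ALLOWED_ADMIN_GROUP
-
-
-set firewall name REMOTE_ACCESS rule 40 action accept
-
-set firewall name REMOTE_ACCESS rule 40 description 'Allow SSH'
-
-set firewall name REMOTE_ACCESS rule 40 destination port 22
-
-set firewall name REMOTE_ACCESS rule 40 protocol tcp
-
-set firewall name REMOTE_ACCESS rule 40 log disable
-
-set firewall name REMOTE_ACCESS rule 40 source group network-group ALLOWED_ADMIN_GROUP
-
-
-set firewall name REMOTE_ACCESS rule 50 action accept
-
-set firewall name REMOTE_ACCESS rule 50 description 'Allow HTTPS'
-
-set firewall name REMOTE_ACCESS rule 50 destination port 443
-
-set firewall name REMOTE_ACCESS rule 50 protocol tcp
-
-set firewall name REMOTE_ACCESS rule 50 log disable
-
-set firewall name REMOTE_ACCESS rule 50 source group network-group ALLOWED_ADMIN_GROUP
-
-
-set firewall name REMOTE_ACCESS rule 60 action accept
-
-set firewall name REMOTE_ACCESS rule 60 description 'Allow HTTP'
-
-set firewall name REMOTE_ACCESS rule 60 destination port 80
-
-set firewall name REMOTE_ACCESS rule 60 protocol tcp
-
-set firewall name REMOTE_ACCESS rule 60 log disable
-
-set firewall name REMOTE_ACCESS rule 60 source group network-group ALLOWED_ADMIN_GROUP
-
-
-set interfaces ethernet eth0 firewall local name REMOTE_ACCESS
-
-set interfaces ethernet eth1 firewall local name REMOTE_ACCESS
-
-set interfaces ethernet eth2 firewall local name REMOTE_ACCESS
-
-set interfaces ethernet eth3 firewall local name REMOTE_ACCESS
@@ -1,1 +1,0 @@ Date
-2024-06-09 20:43:22.423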