kiwi/oav
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
a5cb461dc03ad1f057ea0d685e1b4355bee4eb8a
oav/tmp/other2.txt
Charlie Root a096ce07cf Current oav website
2023-03-20 12:18:38 +01:00

5088 lines
162 KiB
Plaintext
Raw Blame History

version 7.1R2.2;
groups {
re0 {
system {
host-name fhr1.lo6-re0;
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet;
}
}
}
}
re1 {
system {
host-name fhr1.lo6-re1;
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet;
}
}
}
}
}
apply-groups [ re0 re1 ];
system {
domain-name savvis.net;
time-zone America/New_York;
default-address-selection;
dump-on-panic;
authentication-order radius;
name-server {
204.71.36.9;
204.70.127.127;
}
radius-server {
167.215.232.32 {
secret "$9$F4r/36CAp0hSe69IcylW8";
timeout 5;
retry 1;
}
216.90.89.135 {
secret "$9$f5Q3n/CBIcQFu1Rhle";
timeout 5;
retry 1;
}
}
login {
class all {
idle-timeout 15;
permissions all;
}
class read-access {
idle-timeout 15;
permissions [ interface network routing snmp system trace view firewall ];
deny-commands "set|request|test|file|clear";
}
class scc {
idle-timeout 15;
permissions [ clear configure interface interface-control network reset routing routing-control snmp system trace view firewall rollback view-configuration ];
allow-configuration interfaces;
}
class scc_access {
idle-timeout 15;
permissions [ configure interface network routing snmp system trace view ];
}
user FULL {
uid 3004;
class all;
}
user READ {
uid 2000;
class read-access;
}
user SCC {
uid 4000;
class scc;
}
user autojuco {
uid 2017;
class all;
authentication {
ssh-rsa "1024 35 117368654974780910785804472328190496433755973300803053423299024175036242435747627812505529688000436949785484981772284116245736038093657503993364805140242824490573695257301456102356172165176328625890867569328219292100315044847195987067474021662846314660195892724192964475644563644853660336695620996491872426299 autojuco- 8/25/2004";
ssh-rsa "1024 35 117368654974780910785804472328190496433755973300803053423299024175036242435747627812505529688000436949785484981772284116245736038093657503993364805140242824490573695257301456102356172165176328625890867569328219292100315044847195987067474021662846314660195892724192964475644563644853660336695620996491872426299 autojuco - 8/25/2004";
}
}
}
static-host-mapping {
fhr1.lo6 sysid 02aa.ce18.ac40;
fhr2.lo6 sysid 02aa.ce18.ac60;
}
services {
ssh {
connection-limit 16;
rate-limit 10;
}
}
syslog {
user * {
any emergency;
}
host 204.71.36.44 {
any notice;
authorization info;
daemon info;
kernel info;
interactive-commands any;
}
host 204.71.36.45 {
any notice;
authorization info;
daemon info;
kernel info;
interactive-commands any;
}
host 204.70.133.240 {
any notice;
authorization info;
daemon info;
kernel info;
interactive-commands any;
}
host 212.124.244.48 {
any notice;
authorization any;
cron any;
daemon any;
kernel any;
user any;
firewall any;
}
host 216.90.89.68 {
any notice;
authorization info;
daemon info;
kernel info;
interactive-commands any;
}
file messages {
any notice;
authorization info;
daemon info;
kernel info;
}
file ACL10-firewall {
firewall any;
}
file cli_logs {
interactive-commands any;
}
}
processes {
snmp enable;
}
ntp {
server 204.70.128.1;
server 204.70.57.242;
}
}
chassis {
no-source-route;
dump-on-panic;
redundancy {
routing-engine 0 backup;
routing-engine 1 master;
}
aggregated-devices {
sonet {
device-count 1;
}
}
}
interfaces {
ge-0/0/0 {
description "G/E DataCenter trunk to uklond6-001.exalp-e:3.3";
vlan-tagging;
link-mode full-duplex;
gigether-options {
flow-control;
}
unit 3 {
description "Mgt LAN - uklond6-001.exalp-a:8.7";
vlan-id 3;
family inet {
accounting {
destination-class-usage;
}
address 10.49.235.4/26;
}
}
unit 8 {
description "Public LAN to uklond6_001.exalp-e:8.1";
vlan-id 8;
family inet {
accounting {
destination-class-usage;
}
address 213.174.192.177/29;
}
}
unit 27 {
description "Internet Transit VLAN to Inkra";
vlan-id 27;
family inet {
accounting {
destination-class-usage;
}
filter {
output deny-non-routable;
}
address 213.174.206.3/23 {
vrrp-group 254 {
virtual-address 213.174.206.1;
priority 254;
}
vrrp-group 255 {
virtual-address 213.174.206.2;
priority 100;
}
}
}
}
unit 901 {
description "VPN Public Interface";
vlan-id 901;
family inet {
accounting {
destination-class-usage;
}
filter {
output ACL109;
}
address 213.174.194.2/26 {
vrrp-group 109 {
virtual-address 213.174.194.1;
priority 101;
}
}
}
}
unit 912 {
description "The Carlyle Group s254723 bgp1";
vlan-id 912;
family inet {
accounting {
destination-class-usage;
}
address 165.193.172.73/30;
}
}
unit 961 {
description "Zynap Pro Co-Lo";
vlan-id 961;
family inet {
accounting {
destination-class-usage;
}
filter {
input IDS-ZYNAPCOLO-TO-NET-ANTI-SPOOF;
output NET-TO-IDS-ZYNAPCOLO-ANTI-SPOOF;
}
address 213.174.199.210/29 {
vrrp-group 161 {
virtual-address 213.174.199.209;
priority 251;
}
}
}
}
unit 969 {
description "B&Q Co-Lo";
vlan-id 969;
family inet {
accounting {
destination-class-usage;
}
filter {
input IDS-BANDQCOLO-TO-NET-ANTI-SPOOF;
}
address 10.83.54.162/29 {
vrrp-group 169 {
virtual-address 10.83.54.161;
priority 251;
}
}
}
}
unit 972 {
description "iNext Co-Lo";
vlan-id 972;
family inet {
accounting {
destination-class-usage;
}
filter {
input IDS-INEXTCOLO-TO-NET-ANTI-SPOOF;
output NET-TO-IDS-INEXTCOLO-ANTI-SPOOF;
}
address 213.174.199.114/29 {
vrrp-group 72 {
virtual-address 213.174.199.113;
priority 101;
}
}
}
}
unit 978 {
description "Inchcape Co-Lo First POD";
vlan-id 978;
family inet {
accounting {
destination-class-usage;
}
filter {
input IDS-INCHCAPECOLO-TO-NET-ANTI-SPOOF;
output NET-TO-IDS-INCHCAPECOLO-ANTI-SPOOF;
}
address 213.174.203.2/26 {
vrrp-group 72 {
virtual-address 213.174.203.1;
priority 101;
}
}
}
}
}
at-0/1/0 {
description "Future OC12 ATM for customer access via 550 - test rancid";
disable;
clocking internal;
encapsulation atm-pvc;
sonet-options {
payload-scrambler;
}
atm-options {
vpi 1 {
maximum-vcs 512;
}
vpi 2 {
maximum-vcs 512;
}
}
}
so-0/3/0 {
description "OC12 to SCR2.Lond6:so-0/3/0 part1 of as0";
sonet-options {
rfc-2615;
aggregate as0;
}
}
at-1/1/0 {
description "OC12 atm to 550 uklond6.ag:3.9";
mtu 4482;
clocking internal;
encapsulation atm-pvc;
sonet-options {
payload-scrambler;
}
atm-options {
vpi 1 {
maximum-vcs 256;
}
vpi 2 {
maximum-vcs 256;
}
vpi 8 {
maximum-vcs 1024;
}
}
unit 105 {
description "Test Hybrid - VLAN822";
encapsulation atm-snap;
vci 1.105;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.65/30;
}
}
unit 106 {
description "Fish4 Production - VLAN823";
encapsulation atm-snap;
vci 1.106;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.81/30;
}
}
unit 107 {
description "Axon Production - VLAN872";
encapsulation atm-snap;
vci 1.107;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.33/30;
}
}
unit 108 {
description "Medtronic - VLAN893";
encapsulation atm-snap;
vci 1.108;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.93/30;
}
}
unit 109 {
description "Screwfix Production - VLAN879";
encapsulation atm-snap;
vci 1.109;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.161/30;
}
}
unit 110 {
description "Screwfix DR - VLAN332";
encapsulation atm-snap;
vci 1.110;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.169/30;
}
}
unit 111 {
description "Easybroker Production - VLAN869";
encapsulation atm-snap;
vci 1.111;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.177/30;
}
}
unit 112 {
description "Easybroker Test - VLAN868";
encapsulation atm-snap;
vci 1.112;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.201/30;
}
}
unit 113 {
description "LME_WEB - VLAN864";
encapsulation atm-snap;
vci 1.113;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.89/30;
}
}
unit 114 {
description "LME_CORP - VLAN866";
encapsulation atm-snap;
vci 1.114;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.213/30;
}
}
unit 115 {
description "LMUK Production - VLAN877";
encapsulation atm-snap;
vci 1.115;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.217/30;
}
}
unit 116 {
description "LMUK Development - VLAN333";
encapsulation atm-snap;
vci 1.116;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.233/30;
}
}
unit 117 {
description "Reception Room - VLAN990";
encapsulation atm-snap;
vci 1.117;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.189/30;
}
}
unit 118 {
description "Gaming Boarse Production - VLAN853";
encapsulation atm-snap;
vci 1.118;
oam-period 3;
oam-liveness {
up-count 3;
down-count 3;
}
family inet {
accounting {
destination-class-usage;
}
mtu 1500;
address 213.174.193.129/30;
}
}
unit 710 {
description "DRAIN for uklond6_01.bsn-a:cntx04";
encapsulation atm-snap;
point-to-point;
vci 8.710;
family inet {
accounting {
destination-class-usage;
}
mtu 4470;
filter {
input uklond6_01_cntx04_ingress;
output uklond6_01_cntx04_egress;
}
address 206.24.172.81/30;
}
}
unit 711 {
description "DRAIN for uklond6_01.bsn-a:cntx11";
encapsulation atm-snap;
point-to-point;
vci 8.711;
family inet {
accounting {
destination-class-usage;
}
mtu 4470;
address 206.24.172.129/30;
}
}
unit 713 {
description "DRAIN for uklond6_01.bsn-a:cntx13";
encapsulation atm-snap;
point-to-point;
vci 8.713;
family inet {
accounting {
destination-class-usage;
}
mtu 4470;
address 206.24.172.133/30;
}
}
unit 714 {
description "DRAIN for uklond6_01.bsn-a:cntx14";
encapsulation atm-snap;
point-to-point;
vci 8.714;
family inet {
accounting {
destination-class-usage;
}
mtu 4470;
address 206.24.172.137/30;
}
}
unit 920 {
description "fhr1.lo6 to kar1.nyr at-0/3/0.920";
encapsulation atm-snap;
point-to-point;
vci 8.920;
family inet {
address 204.70.145.2/30;
}
}
unit 930 {
description "fhr1.lo6 to kar2.nyr at-0/3/0.930";
encapsulation atm-snap;
point-to-point;
vci 8.930;
family inet {
address 204.70.148.6/30;
}
}
unit 940 {
description "To dcr1.frx at-2/0/0.940";
encapsulation atm-snap;
point-to-point;
vci 8.940;
family inet {
address 204.70.192.229/30;
}
}
unit 950 {
description "fhr1.lo6 to acr2.frx at-2/0/0.950";
encapsulation atm-snap;
point-to-point;
vci 8.950;
family inet {
address 204.70.192.233/30;
}
family iso;
family mpls;
}
unit 960 {
description "fhr1.lo6 to bcr1.lnx at-3/1/0:960";
encapsulation atm-snap;
point-to-point;
vci 8.960;
family inet {
address 206.24.172.69/30;
}
family iso;
family mpls;
}
unit 970 {
description "fhr1.lo6 to bcr2.lnx at-3/1/0:970";
encapsulation atm-snap;
point-to-point;
vci 8.970;
family inet {
address 206.24.172.73/30;
}
family iso;
family mpls;
}
}
so-1/3/0 {
description "OC12 to SCR2.Lond6:so-1/3/0 part2 of as0";
sonet-options {
rfc-2615;
aggregate as0;
}
}
as0 {
description "Bonded OC12 to SCR2.Lond6:as0";
aggregated-sonet-options {
link-speed oc12;
}
unit 0 {
family inet {
address 206.24.172.77/30;
}
family iso;
family mpls;
}
}
dsc {
unit 0 {
family inet {
address 206.24.194.50/32 {
destination 206.24.194.51;
}
}
}
}
lo0 {
unit 0 {
family inet {
primary;
filter {
input ACL10;
}
address 206.24.172.64/32 {
primary;
preferred;
}
address 208.174.15.156/32;
}
family iso {
address 47.0005.80ff.e200.000a.0000.3200.02aa.ce18.ac40.00;
}
}
}
}
snmp {
description for-snmp;
community marzbar {
authorization read-only;
clients {
209.83.194.0/24;
}
}
community mvJuwJIkTJcPel2z {
authorization read-only;
}
}
accounting-options {
file ddos2 {
files 10;
}
file ddos3 {
files 10;
}
class-usage-profile ddos2 {
file ddos2;
interval 1;
destination-classes {
dos-victim2;
}
}
class-usage-profile ddos3 {
file ddos3;
interval 1;
destination-classes {
dos-victim3;
}
}
}
routing-options {
interface-routes {
rib-group inet ifrg;
}
static {
route 213.174.195.80/28 {
qualified-next-hop at-1/1/0.108 {
preference 230;
}
}
route 213.174.196.128/28 {
qualified-next-hop at-1/1/0.110 {
preference 230;
}
}
route 213.174.196.192/28 {
qualified-next-hop at-1/1/0.105 {
preference 230;
}
}
route 213.174.197.208/28 {
qualified-next-hop at-1/1/0.112 {
preference 230;
}
}
route 213.174.200.96/28 {
qualified-next-hop at-1/1/0.117 {
preference 230;
}
}
route 213.174.201.0/28 {
qualified-next-hop at-1/1/0.113 {
preference 230;
}
}
route 213.174.201.32/32 {
qualified-next-hop at-1/1/0.114 {
preference 230;
}
}
route 213.174.201.64/32 {
qualified-next-hop at-1/1/0.107 {
preference 230;
}
}
route 213.174.192.0/25 next-hop 213.174.206.233;
route 213.174.192.208/29 next-hop 213.174.206.9;
route 213.174.192.216/29 next-hop 213.174.206.9;
route 213.174.193.0/28 next-hop 213.174.207.105;
route 213.174.195.0/26 next-hop 213.174.206.25;
route 213.174.195.112/28 next-hop 213.174.206.249;
route 213.174.195.128/28 next-hop 213.174.206.113;
route 213.174.195.176/28 next-hop 213.174.206.97;
route 213.174.195.224/28 next-hop 213.174.206.81;
route 213.174.196.0/28 next-hop 213.174.206.169;
route 213.174.196.16/28 next-hop 213.174.206.105;
route 213.174.196.32/28 next-hop 213.174.206.241;
route 213.174.196.64/28 next-hop 213.174.206.121;
route 213.174.196.160/28 next-hop 213.174.206.241;
route 213.174.196.176/28 next-hop 213.174.207.49;
route 213.174.196.224/29 next-hop 213.174.206.137;
route 213.174.196.240/28 next-hop 213.174.207.113;
route 213.174.198.0/27 next-hop 213.174.207.57;
route 213.174.198.32/27 next-hop 213.174.207.73;
route 213.174.198.64/27 next-hop 213.174.207.89;
route 213.174.198.192/29 next-hop 213.174.206.185;
route 213.174.198.208/28 next-hop 213.174.206.65;
route 213.174.198.240/29 next-hop 213.174.207.1;
route 213.174.199.0/27 next-hop 213.174.206.211;
route 213.174.199.64/27 next-hop 213.174.207.17;
route 213.174.199.96/28 next-hop 213.174.206.201;
route 213.174.199.128/29 next-hop 213.174.206.33;
route 213.174.199.144/29 next-hop 213.174.206.177;
route 213.174.199.160/27 next-hop 213.174.206.161;
route 213.174.200.0/28 next-hop 213.174.206.145;
route 213.174.200.80/28 next-hop 213.174.206.17;
route 213.174.200.128/29 next-hop 213.174.206.217;
route 213.174.200.144/28 next-hop 213.174.207.33;
route 213.174.200.192/27 next-hop 213.174.207.9;
route 213.174.201.96/28 next-hop 213.174.207.129;
route 213.174.201.128/25 next-hop 213.174.206.233;
route 213.174.202.160/27 next-hop 213.174.206.241;
route 213.174.205.0/24 next-hop 213.174.207.41;
route 213.174.207.116/32 next-hop 213.174.207.113;
route 213.174.198.128/27 next-hop 213.174.199.118;
route 213.174.199.224/27 next-hop 213.174.199.118;
route 213.174.195.64/29 next-hop 10.83.54.166;
route 213.174.202.128/27 next-hop 10.83.54.166;
route 213.174.197.176/28 next-hop at-1/1/0.111;
route 213.174.200.32/28 next-hop at-1/1/0.109;
route 213.174.202.0/25 next-hop at-1/1/0.106;
route 213.174.196.96/28 next-hop 213.174.207.137;
route 213.174.195.72/29 next-hop 213.174.206.73;
route 213.174.192.144/28 next-hop 213.174.207.81;
route 213.174.200.224/28 next-hop 213.174.207.153;
route 213.174.203.192/28 next-hop 213.174.207.178;
route 213.174.202.192/27 {
qualified-next-hop at-1/1/0.115 {
preference 230;
}
}
route 213.174.202.224/28 {
qualified-next-hop at-1/1/0.115 {
preference 230;
}
}
route 213.174.197.128/27 {
qualified-next-hop at-1/1/0.115 {
preference 230;
}
}
route 213.174.198.160/28 next-hop 213.174.207.161;
route 213.174.203.224/27 next-hop 213.174.207.185;
route 213.174.198.184/29 next-hop 213.174.207.169;
route 213.174.203.160/28 next-hop 213.174.207.201;
route 213.174.203.144/29 next-hop 213.174.207.209;
route 213.174.196.232/29 next-hop 213.174.207.193;
route 213.174.197.224/28 next-hop 213.174.207.217;
route 213.174.192.128/29 next-hop 213.174.207.225;
route 213.174.203.208/29 next-hop 213.174.207.233;
route 213.174.197.240/28 next-hop 213.174.207.249;
route 213.174.203.216/29 next-hop 213.174.207.241;
route 213.174.196.112/28 next-hop 213.174.206.13;
route 213.174.198.176/29 next-hop 213.174.206.21;
route 213.174.198.251/32 next-hop 213.174.206.53;
route 213.174.197.0/25 next-hop 213.174.206.69;
route 212.117.224.192/26 next-hop 213.174.206.61;
route 213.174.198.250/32 next-hop 213.174.206.37;
route 213.174.198.252/32 next-hop 213.174.206.77;
route 213.174.198.253/32 next-hop 213.174.206.109;
route 212.124.227.48/28 next-hop 213.174.206.93;
route 82.118.66.0/24 next-hop 213.174.206.125;
route 82.118.67.0/24 next-hop 213.174.206.133;
route 82.118.65.112/28 next-hop 213.174.206.141;
route 213.174.199.48/29 next-hop 213.174.207.65;
route 82.118.65.192/26 next-hop 213.174.206.173;
route 82.118.71.0/27 next-hop 213.174.206.117;
route 82.118.95.96/27 next-hop 213.174.206.149;
route 213.174.201.112/28 next-hop 213.174.207.145;
route 212.124.251.176/28 next-hop 213.174.206.165;
route 213.174.200.16/28 next-hop 213.174.206.45;
route 212.124.226.88/29 next-hop 213.174.206.157;
route 82.118.71.64/26 next-hop 213.174.206.157;
route 213.174.198.192/28 next-hop 213.174.206.185;
route 206.24.172.144/28 next-hop 213.174.206.9;
route 82.118.70.0/24 next-hop 213.174.206.181;
route 212.124.251.160/28 next-hop at-1/1/0.108;
route 82.118.65.96/29 next-hop 213.174.206.181;
route 212.124.252.112/28 next-hop 213.174.206.101;
route 206.24.172.192/26 next-hop 213.174.207.9;
route 212.124.253.32/28 next-hop 213.174.206.189;
route 212.124.227.160/27 next-hop 213.174.206.197;
route 212.124.239.192/27 next-hop 213.174.207.217;
route 212.117.224.112/28 next-hop 213.174.206.205;
route 212.124.240.0/28 next-hop 213.174.206.213;
route 216.219.74.0/23 next-hop 213.174.206.221;
route 0.0.0.0/0 {
discard;
no-install;
}
route 212.124.240.176/28 next-hop 213.174.206.229;
route 212.124.236.32/29 next-hop 213.174.206.237;
route 212.124.224.64/28 next-hop 213.174.206.197;
route 212.124.241.208/28 next-hop 213.174.206.245;
route 213.174.193.128/27 next-hop at-1/1/0.109;
route 212.124.241.240/28 next-hop 213.174.207.5;
route 213.174.192.0/19 reject;
}
rib-groups {
mcrg {
export-rib inet.2;
import-rib inet.2;
}
ifrg {
import-rib [ inet.0 inet.2 ];
}
mcast-rpf-rib {
import-rib inet.2;
}
ios-isis-routes {
import-rib [ inet.0 inet.2 ];
import-policy isis-tag;
}
static-rg {
import-rib [ inet.0 inet.2 ];
import-policy deny-default;
}
}
router-id 206.24.172.64;
autonomous-system 3561;
forwarding-table {
export [ per-flow-load-balancing ddostracking2 ddostracking3 ];
}
}
protocols {
rsvp {
traceoptions {
file rsvp-log size 1m files 10;
flag error;
flag state;
}
interface all;
}
mpls {
statistics {
file mpls-stat;
interval 160;
}
log-updown {
syslog;
trap;
}
traceoptions {
file mpls-log size 1m files 10;
flag state;
flag error;
}
interface all;
}
bgp {
traceoptions {
file bgp size 1m files 5;
flag state send receive detail;
flag open send receive detail;
}
hold-time 180;
log-updown;
damping;
group internal {
type internal;
family inet {
unicast;
multicast;
}
authentication-key "$9$nOLcCpOEcyv8xSysgoaUD3n/90B";
export [ next-hop-self announce-local ];
peer-as 3561;
neighbor 206.24.168.27 {
description bcr1.lnx;
}
neighbor 206.24.168.28 {
description bcr2.lnx;
}
neighbor 206.24.168.1 {
description dar1.lnx;
}
neighbor 206.24.168.2 {
description iar1.lnx;
}
neighbor 206.24.172.96 {
description fhr2.lo6;
export [ next-hop-self announce-local redistribute-direct ];
}
neighbor 204.70.145.1 {
description kar1.nyr:at-0/3/0.920;
local-address 204.70.145.2;
}
neighbor 204.70.148.5 {
description kar2.nyr:at-0/3/0.930;
local-address 204.70.148.6;
}
}
group AS65530 {
type external;
description "The Carlyle Group";
multihop {
ttl 1;
}
import [ AS65530-DDoS cisco-damping filter-multihomed-customer color-external-neighbor set-customer-private-ASN-local-pref AS65530 ];
export [ default-originate deny-all ];
remove-private;
peer-as 65530;
neighbor 165.193.172.74;
}
group shasta {
type external;
description "multiple context on Nortel Shasta";
import [ color-external-neighbor set-comm-shasta prefix-shasta ];
authentication-key "$9$cVvSrv2gJHqfgo39puEhVwYg4ZjHmP5F";
export [ default-originate deny-all ];
remove-private;
neighbor 206.24.172.82 {
description uklond1_01.bsn-a:cntx04;
peer-as 65090;
}
neighbor 206.24.172.130 {
description uklond1_01.bsn-a:cntx11;
peer-as 65091;
}
neighbor 206.24.172.134 {
description uklond1_01.bsn-a:cntx13;
peer-as 65093;
}
neighbor 206.24.172.138 {
description uklond1_01.bsn-a:cntx14;
peer-as 65094;
}
}
}
isis {
traceoptions {
file log-adjacency-changes size 1m files 10;
flag error;
flag normal;
flag state;
}
lsp-lifetime 65535;
multicast-topology;
level 1 wide-metrics-only;
level 2 wide-metrics-only;
interface at-1/1/0.950 {
lsp-interval 50;
level 2 {
metric 35;
hello-interval 10;
hold-time 60;
}
level 1 disable;
}
interface at-1/1/0.960 {
lsp-interval 50;
level 2 {
metric 10;
hello-interval 10;
hold-time 60;
}
level 1 disable;
}
interface at-1/1/0.970 {
lsp-interval 50;
level 2 {
metric 10;
hello-interval 10;
hold-time 60;
}
level 1 disable;
}
interface as0.0 {
lsp-interval 50;
level 2 {
metric 2;
hello-interval 10;
hold-time 60;
}
level 1 {
metric 2;
hello-interval 10;
hold-time 60;
}
}
interface lo0.0 {
lsp-interval 50;
passive;
level 2 disable;
}
}
ldp {
traceoptions {
file ldp-log size 1m files 10;
flag error;
flag state;
}
track-igp-metric;
import block-general-ldp-routes;
egress-policy export-sec-loopback;
transport-address 208.174.15.156;
interface at-1/1/0.950;
interface at-1/1/0.960;
interface at-1/1/0.970;
interface as0.0;
interface lo0.0;
}
pim {
traceoptions {
file pim size 8m files 2;
flag general;
}
rib-group inet mcrg;
rp {
static {
address 206.24.194.40;
}
}
interface lo0.0 {
mode sparse;
version 2;
}
interface at-1/1/0.960 {
mode sparse;
version 2;
}
interface at-1/1/0.970 {
mode sparse;
version 2;
}
}
}
policy-options {
prefix-list snmp-list {
64.14.144.153/32;
64.14.144.154/32;
64.14.144.155/32;
64.14.144.156/32;
64.14.144.157/32;
64.14.144.158/32;
64.41.189.214/32;
64.41.251.174/32;
64.242.52.23/32;
167.215.232.0/24;
204.70.128.30/32;
204.70.128.31/32;
204.70.128.81/32;
204.70.128.202/32;
204.70.133.240/32;
204.70.133.243/32;
204.70.133.244/32;
204.71.36.18/32;
204.71.36.39/32;
204.71.36.225/32;
204.71.40.160/32;
206.24.168.45/32;
206.24.209.15/32;
206.24.224.24/32;
206.24.224.25/32;
208.172.0.23/32;
208.172.0.25/32;
208.172.33.25/32;
208.172.64.23/32;
208.172.80.23/32;
208.172.128.23/32;
208.172.160.23/32;
208.172.225.6/32;
208.174.48.45/32;
208.174.56.45/32;
208.175.109.17/32;
208.175.168.18/32;
208.175.184.45/32;
209.83.194.12/32;
209.83.194.104/32;
209.83.194.105/32;
209.83.194.106/32;
209.83.194.107/32;
209.83.194.108/32;
209.83.194.109/32;
209.83.194.110/32;
209.83.194.111/32;
209.83.194.112/32;
209.83.194.113/32;
209.83.194.114/32;
209.83.194.115/32;
209.83.194.188/32;
209.83.194.221/32;
209.83.194.222/32;
209.83.194.224/32;
209.83.194.225/32;
209.83.194.226/32;
209.83.194.228/32;
209.83.194.231/32;
209.83.194.251/32;
209.225.10.240/32;
216.33.108.73/32;
216.33.108.75/32;
216.74.153.230/32;
216.177.76.156/32;
216.182.78.36/32;
}
prefix-list ntp-list {
apply-path "system ntp server <*>";
}
prefix-list syslog-list {
204.70.133.240/32;
204.71.36.44/32;
204.71.36.45/32;
216.90.89.68/32;
}
prefix-list ssh-list {
64.41.189.214/32;
167.215.232.85/32;
204.70.3.0/24;
204.70.133.240/32;
204.70.133.243/32;
204.70.133.244/32;
204.71.36.0/23;
204.71.247.104/32;
206.24.168.0/25;
206.24.194.0/25;
206.24.210.0/25;
206.24.226.0/25;
208.172.2.0/25;
208.172.18.0/25;
208.172.34.0/25;
208.172.50.0/25;
208.172.66.0/25;
208.172.82.0/25;
208.172.98.0/25;
208.172.130.0/25;
208.172.146.0/25;
208.172.162.0/25;
208.172.226.0/25;
208.174.2.0/25;
208.174.15.0/24;
208.174.48.0/25;
208.174.56.0/25;
208.175.170.0/25;
208.175.184.0/25;
209.1.40.0/24;
209.1.220.0/24;
209.83.159.0/24;
209.83.194.0/24;
209.225.10.235/32;
212.124.244.44/32;
216.33.108.73/32;
216.35.132.15/32;
}
prefix-list bgp-list {
apply-path "protocols bgp group <*> neighbor <*>";
}
prefix-list non-routable-list {
0.0.0.0/7;
2.0.0.0/8;
5.0.0.0/8;
7.0.0.0/8;
10.0.0.0/8;
23.0.0.0/8;
27.0.0.0/8;
31.0.0.0/8;
36.0.0.0/7;
39.0.0.0/8;
42.0.0.0/8;
49.0.0.0/8;
50.0.0.0/8;
77.0.0.0/8;
78.0.0.0/7;
92.0.0.0/6;
96.0.0.0/4;
112.0.0.0/5;
120.0.0.0/8;
127.0.0.0/8;
169.254.0.0/16;
172.16.0.0/12;
173.0.0.0/8;
174.0.0.0/7;
176.0.0.0/5;
184.0.0.0/6;
192.0.2.0/24;
192.168.0.0/16;
197.0.0.0/8;
198.18.0.0/15;
223.0.0.0/8;
224.0.0.0/3;
}
prefix-list accept-prot-55 {
24.237.7.155/32;
130.76.118.134/32;
134.205.148.227/32;
192.187.8.122/32;
}
prefix-list SObigF_prefix {
12.158.102.205/32;
12.232.104.221/32;
24.33.66.38/32;
24.197.143.132/32;
24.202.91.43/32;
24.206.75.137/32;
24.210.182.156/32;
61.38.18.59/32;
63.250.82.87/32;
65.92.80.218/32;
65.92.186.145/32;
65.93.81.59/32;
65.95.193.138/32;
65.177.240.194/32;
66.131.207.81/32;
67.9.241.67/32;
67.73.21.6/32;
68.38.159.161/32;
68.50.20.96/32;
218.147.164.29/32;
}
prefix-list bad-guys-list {
204.70.0.0/32;
}
prefix-list ddos-target-list {
204.70.0.0/32;
}
prefix-list ldp-list {
202.126.0.4/32;
206.24.194.103/32;
206.24.194.104/32;
206.24.226.97/32;
206.24.226.98/32;
208.172.130.101/32;
208.172.130.102/32;
208.172.162.17/32;
208.172.162.18/32;
208.173.155.168/32;
208.174.15.1/32;
208.174.15.2/32;
208.174.15.3/32;
208.174.15.4/32;
208.174.15.5/32;
208.174.15.6/32;
208.174.15.8/32;
208.174.15.9/32;
208.174.15.10/32;
208.174.15.12/32;
208.174.15.13/32;
208.174.15.14/32;
208.174.15.15/32;
208.174.15.16/32;
208.174.15.17/32;
208.174.15.18/32;
208.174.15.19/32;
208.174.15.21/32;
208.174.15.22/32;
208.174.15.23/32;
208.174.15.25/32;
208.174.15.26/32;
208.174.15.31/32;
208.174.15.32/32;
208.174.15.33/32;
208.174.15.34/32;
208.174.15.35/32;
208.174.15.36/32;
208.174.15.37/32;
208.174.15.38/32;
208.174.15.39/32;
208.174.15.40/32;
208.174.15.41/32;
208.174.15.42/32;
208.174.15.43/32;
208.174.15.44/32;
208.174.15.45/32;
208.174.15.46/32;
208.174.15.47/32;
208.174.15.48/32;
208.174.15.50/32;
208.174.15.51/32;
208.174.15.52/32;
208.174.15.53/32;
208.174.15.54/32;
208.174.15.55/32;
208.174.15.56/32;
208.174.15.58/32;
208.174.15.60/32;
208.174.15.61/32;
208.174.15.62/32;
208.174.15.63/32;
208.174.15.64/32;
208.174.15.66/32;
208.174.15.67/32;
208.174.15.68/32;
208.174.15.70/32;
208.174.15.72/32;
208.174.15.73/32;
208.174.15.74/32;
208.174.15.76/32;
208.174.15.80/32;
208.174.15.81/32;
208.174.15.96/32;
208.174.15.97/32;
208.174.15.98/32;
208.174.15.100/32;
208.174.15.101/32;
208.174.15.106/32;
208.174.15.107/32;
208.174.15.108/32;
208.174.15.109/32;
208.174.15.130/32;
208.174.15.131/32;
208.174.15.141/32;
208.174.15.143/32;
208.174.15.144/32;
208.174.15.146/32;
208.174.15.149/32;
208.174.15.156/32;
208.174.15.157/32;
208.174.15.158/32;
208.174.15.159/32;
208.174.15.160/32;
209.83.159.1/32;
209.83.159.3/32;
209.83.159.4/32;
209.83.159.6/32;
209.83.159.7/32;
209.83.159.106/32;
209.83.159.107/32;
209.83.159.115/32;
}
prefix-list msdp-list {
apply-path "protocols msdp group <*> peer <*>";
}
prefix-list dns-list {
apply-path "system name-server <*>";
}
prefix-list pim {
apply-path "policy-options policy-statement announce-networks term announce-networks from route-filter <*> ";
}
prefix-list radius-list {
apply-path "system radius-server <*>";
}
prefix-list core-list {
204.70.3.0/24;
206.24.168.0/25;
206.24.194.0/25;
206.24.210.0/25;
206.24.226.0/25;
208.172.2.0/25;
208.172.18.0/25;
208.172.34.0/25;
208.172.50.0/25;
208.172.66.0/25;
208.172.82.0/25;
208.172.98.0/25;
208.172.130.0/25;
208.172.146.0/25;
208.172.162.0/25;
208.172.226.0/25;
208.174.2.0/25;
208.174.15.0/24;
208.174.48.0/25;
208.174.56.0/25;
208.175.170.0/25;
208.175.184.0/25;
209.1.40.0/24;
209.1.220.0/24;
209.83.159.0/24;
}
prefix-list host-list {
63.136.120.0/21;
64.41.189.214/32;
167.215.232.0/24;
167.215.232.85/32;
204.70.133.240/32;
204.70.133.243/32;
204.70.133.244/32;
204.71.36.0/23;
204.71.39.13/32;
204.71.247.104/32;
206.24.172.144/32;
209.83.194.0/24;
209.225.10.235/32;
212.124.244.44/32;
216.33.108.73/32;
216.35.132.15/32;
}
policy-statement next-hop-self {
from color 135;
then {
next-hop self;
}
}
policy-statement color-external-neighbor {
then {
color 135;
}
}
policy-statement filter-resrv-swamp-prefix {
term step1 {
from {
route-filter 0.0.0.0/7 orlonger reject;
route-filter 2.0.0.0/8 orlonger reject;
route-filter 5.0.0.0/8 orlonger reject;
route-filter 7.0.0.0/8 orlonger reject;
route-filter 10.0.0.0/8 orlonger reject;
route-filter 23.0.0.0/8 orlonger reject;
route-filter 27.0.0.0/8 orlonger reject;
route-filter 31.0.0.0/8 orlonger reject;
route-filter 36.0.0.0/7 orlonger reject;
route-filter 39.0.0.0/8 orlonger reject;
route-filter 42.0.0.0/8 orlonger reject;
route-filter 49.0.0.0/8 orlonger reject;
route-filter 50.0.0.0/8 orlonger reject;
route-filter 77.0.0.0/8 orlonger reject;
route-filter 78.0.0.0/7 orlonger reject;
route-filter 92.0.0.0/6 orlonger reject;
route-filter 96.0.0.0/4 orlonger reject;
route-filter 112.0.0.0/5 orlonger reject;
route-filter 127.0.0.0/8 orlonger reject;
route-filter 169.254.0.0/16 orlonger reject;
route-filter 172.16.0.0/12 orlonger reject;
route-filter 173.0.0.0/8 orlonger reject;
route-filter 174.0.0.0/7 orlonger reject;
route-filter 176.0.0.0/5 orlonger reject;
route-filter 184.0.0.0/6 orlonger reject;
route-filter 192.0.2.0/24 orlonger reject;
route-filter 192.168.0.0/16 orlonger reject;
route-filter 197.0.0.0/8 orlonger reject;
route-filter 198.18.0.0/15 orlonger reject;
route-filter 223.0.0.0/8 orlonger reject;
route-filter 224.0.0.0/3 orlonger reject;
route-filter 120.0.0.0/8 orlonger reject;
}
}
term step2 {
from {
route-filter 0.0.0.0/0 upto /6;
}
then reject;
}
term step3 {
from {
route-filter 0.0.0.0/0 upto /24 next policy;
}
}
term step4 {
then reject;
}
}
policy-statement filter-multihomed-customer {
from as-path swamp;
then reject;
}
policy-statement cisco-damping {
then damping cisco;
}
policy-statement export-full-routes {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-customer {
from community comm-customer;
then {
community delete comm-wild;
accept;
}
}
term comm-peer {
from community comm-peer;
then {
community delete comm-wild;
accept;
}
}
then {
community delete comm-wild;
next policy;
}
}
policy-statement private-as-filter {
from as-path private-as;
then reject;
}
policy-statement filter-specifics {
term one {
from {
route-filter 199.242.24.0/23 exact;
route-filter 206.220.224.0/22 exact;
route-filter 209.27.56.0/22 exact;
route-filter 206.128.220.0/22 exact;
route-filter 204.188.128.0/21 exact;
route-filter 207.189.88.0/21 exact;
route-filter 206.154.56.0/21 exact;
route-filter 63.136.120.0/21 exact;
route-filter 206.99.112.0/21 exact;
route-filter 206.97.16.0/21 exact;
route-filter 208.138.160.0/21 exact;
route-filter 208.157.152.0/21 exact;
route-filter 199.242.16.0/21 exact;
route-filter 206.128.208.0/21 exact;
route-filter 204.194.8.0/21 exact;
route-filter 209.143.192.0/20 exact;
route-filter 216.118.192.0/20 exact;
route-filter 206.97.0.0/20 exact;
route-filter 66.128.224.0/20 exact;
route-filter 66.128.64.0/20 exact;
route-filter 206.28.160.0/20 exact;
route-filter 216.144.64.0/20 exact;
route-filter 206.151.32.0/20 exact;
route-filter 216.182.160.0/20 exact;
route-filter 216.182.64.0/20 exact;
route-filter 216.19.160.0/20 exact;
route-filter 216.219.64.0/20 exact;
route-filter 216.219.96.0/20 exact;
route-filter 206.132.32.0/20 exact;
route-filter 216.224.96.0/20 exact;
route-filter 205.140.160.0/20 exact;
route-filter 216.227.224.0/20 exact;
route-filter 206.154.32.0/20 exact;
route-filter 216.39.32.0/20 exact;
route-filter 216.39.96.0/20 exact;
route-filter 216.48.64.0/20 exact;
route-filter 216.69.224.0/20 exact;
route-filter 64.15.192.0/20 exact;
route-filter 216.227.192.0/20 exact;
route-filter 216.14.160.0/20 exact;
route-filter 64.209.128.0/20 exact;
route-filter 64.209.192.0/20 exact;
route-filter 206.29.128.0/20 exact;
route-filter 64.253.192.0/20 exact;
route-filter 206.132.144.0/20 exact;
route-filter 64.27.160.0/20 exact;
route-filter 64.56.192.0/20 exact;
route-filter 64.70.96.0/20 exact;
route-filter 64.79.160.0/20 exact;
route-filter 208.138.0.0/20 exact;
route-filter 208.138.176.0/20 exact;
route-filter 64.89.32.0/20 exact;
route-filter 64.92.160.0/20 exact;
route-filter 208.157.128.0/20 exact;
route-filter 207.189.64.0/20 exact;
route-filter 206.99.96.0/20 exact;
route-filter 209.27.32.0/20 exact;
route-filter 204.188.144.0/20 exact;
route-filter 63.136.96.0/20 exact;
route-filter 208.167.208.0/20 exact;
route-filter 66.119.32.0/20 exact;
route-filter 208.48.208.0/20 exact;
route-filter 206.97.32.0/19 exact;
route-filter 64.209.224.0/19 exact;
route-filter 199.217.64.0/19 exact;
route-filter 213.174.192.0/19 exact;
route-filter 166.63.128.0/19 exact;
route-filter 206.28.128.0/19 exact;
route-filter 206.153.64.0/19 exact;
route-filter 207.50.160.0/19 exact;
route-filter 205.140.128.0/19 exact;
route-filter 206.132.0.0/19 exact;
route-filter 64.209.160.0/19 exact;
route-filter 208.168.192.0/19 exact;
route-filter 209.27.0.0/19 exact;
route-filter 64.15.224.0/19 exact;
route-filter 64.15.160.0/19 exact;
route-filter 216.64.192.0/19 exact;
route-filter 206.40.64.0/19 exact;
route-filter 206.154.0.0/19 exact;
route-filter 208.169.96.0/19 exact;
route-filter 208.175.192.0/19 exact;
route-filter 206.99.64.0/19 exact;
route-filter 208.163.0.0/19 exact;
route-filter 212.124.224.0/19 exact;
route-filter 208.138.128.0/19 exact;
route-filter 207.2.64.0/19 exact;
route-filter 208.166.0.0/19 exact;
route-filter 206.24.160.0/19 exact;
route-filter 208.175.160.0/19 exact;
route-filter 66.37.192.0/19 exact;
route-filter 206.151.0.0/19 exact;
route-filter 216.39.64.0/19 exact;
route-filter 205.217.192.0/19 exact;
route-filter 216.19.128.0/19 exact;
route-filter 216.182.192.0/19 exact;
route-filter 206.128.224.0/19 exact;
route-filter 216.177.64.0/19 exact;
route-filter 216.109.64.0/19 exact;
route-filter 216.104.224.0/19 exact;
route-filter 209.225.64.0/19 exact;
route-filter 209.143.224.0/19 exact;
route-filter 204.188.160.0/19 exact;
route-filter 206.96.96.0/19 exact;
route-filter 209.16.192.0/19 exact;
route-filter 82.118.64.0/19 exact;
route-filter 206.128.0.0/19 exact;
route-filter 206.40.128.0/19 exact;
route-filter 208.132.64.0/19 exact;
route-filter 64.210.160.0/19 exact;
route-filter 64.211.224.0/19 exact;
route-filter 64.22.128.0/19 exact;
route-filter 64.28.64.0/19 exact;
route-filter 64.39.32.0/19 exact;
route-filter 64.58.64.0/19 exact;
route-filter 64.68.64.0/19 exact;
route-filter 64.70.64.0/19 exact;
route-filter 63.136.64.0/19 exact;
route-filter 208.163.64.0/18 exact;
route-filter 208.173.128.0/18 exact;
route-filter 205.140.192.0/18 exact;
route-filter 206.97.64.0/18 exact;
route-filter 208.169.0.0/18 exact;
route-filter 207.50.192.0/18 exact;
route-filter 209.44.0.0/18 exact;
route-filter 206.24.192.0/18 exact;
route-filter 206.99.0.0/18 exact;
route-filter 208.168.128.0/18 exact;
route-filter 206.128.128.0/18 exact;
route-filter 206.151.64.0/18 exact;
route-filter 206.153.0.0/18 exact;
route-filter 208.132.0.0/18 exact;
route-filter 208.48.64.0/18 exact;
route-filter 208.50.128.0/18 exact;
route-filter 209.202.128.0/18 exact;
route-filter 209.225.0.0/18 exact;
route-filter 208.138.192.0/18 exact;
route-filter 208.138.64.0/18 exact;
route-filter 208.157.192.0/18 exact;
route-filter 205.217.128.0/18 exact;
route-filter 207.2.0.0/18 exact;
route-filter 216.74.128.0/18 exact;
route-filter 66.35.192.0/18 exact;
route-filter 64.210.192.0/18 exact;
route-filter 64.85.64.0/18 exact;
route-filter 206.28.192.0/18 exact;
route-filter 209.27.64.0/18 exact;
route-filter 208.167.128.0/18 exact;
route-filter 64.37.192.0/18 exact;
route-filter 206.96.0.0/18 exact;
route-filter 206.29.192.0/18 exact;
route-filter 206.154.64.0/18 exact;
route-filter 64.70.0.0/18 exact;
route-filter 208.131.192.0/18 exact;
route-filter 63.136.0.0/18 exact;
route-filter 64.75.0.0/18 exact;
route-filter 208.166.64.0/18 exact;
route-filter 209.83.128.0/17 exact;
route-filter 207.50.0.0/17 exact;
route-filter 167.216.128.0/17 exact;
route-filter 146.135.0.0/17 exact;
route-filter 205.217.0.0/17 exact;
route-filter 208.168.0.0/17 exact;
route-filter 206.28.0.0/17 exact;
route-filter 206.29.0.0/17 exact;
route-filter 208.169.128.0/17 exact;
route-filter 206.154.128.0/17 exact;
route-filter 166.49.0.0/17 exact;
route-filter 207.2.128.0/17 exact;
route-filter 206.97.128.0/17 exact;
route-filter 205.140.0.0/17 exact;
route-filter 206.153.128.0/17 exact;
route-filter 208.132.128.0/17 exact;
route-filter 208.163.128.0/17 exact;
route-filter 206.96.128.0/17 exact;
route-filter 208.173.0.0/17 exact;
route-filter 209.102.0.0/17 exact;
route-filter 208.175.0.0/17 exact;
route-filter 63.136.128.0/17 exact;
route-filter 209.25.0.0/17 exact;
route-filter 208.157.0.0/17 exact;
route-filter 208.166.128.0/17 exact;
route-filter 67.54.0.0/17 exact;
route-filter 64.41.128.0/17 exact;
route-filter 209.27.128.0/17 exact;
route-filter 206.151.128.0/17 exact;
route-filter 208.167.0.0/17 exact;
route-filter 204.188.0.0/17 exact;
route-filter 206.24.0.0/17 exact;
route-filter 208.131.0.0/17 exact;
route-filter 216.136.128.0/17 exact;
route-filter 206.99.128.0/17 exact;
route-filter 204.189.0.0/16 exact;
route-filter 206.79.0.0/16 exact;
route-filter 208.162.0.0/16 exact;
route-filter 207.82.0.0/16 exact;
route-filter 207.149.0.0/16 exact;
route-filter 209.176.0.0/16 exact;
route-filter 206.142.0.0/16 exact;
route-filter 205.136.0.0/16 exact;
route-filter 64.14.0.0/16 exact;
route-filter 207.124.0.0/16 exact;
route-filter 207.3.0.0/16 exact;
route-filter 209.1.0.0/16 exact;
route-filter 208.156.0.0/16 exact;
route-filter 206.129.0.0/16 exact;
route-filter 208.139.0.0/16 exact;
route-filter 209.223.0.0/16 exact;
route-filter 209.144.0.0/16 exact;
route-filter 209.185.0.0/16 exact;
route-filter 206.98.0.0/16 exact;
route-filter 206.150.0.0/16 exact;
route-filter 206.152.0.0/16 exact;
route-filter 209.67.0.0/16 exact;
route-filter 206.155.0.0/16 exact;
route-filter 207.51.0.0/16 exact;
route-filter 208.130.0.0/16 exact;
route-filter 63.137.0.0/16 exact;
route-filter 206.25.0.0/16 exact;
route-filter 208.133.0.0/16 exact;
route-filter 165.193.0.0/16 exact;
route-filter 167.215.0.0/16 exact;
route-filter 208.172.0.0/16 exact;
route-filter 205.216.0.0/16 exact;
route-filter 208.174.0.0/16 exact;
route-filter 207.48.0.0/15 exact;
route-filter 208.160.0.0/15 exact;
route-filter 63.128.0.0/15 exact;
route-filter 208.164.0.0/15 exact;
route-filter 204.70.0.0/15 exact;
route-filter 206.156.0.0/15 exact;
route-filter 208.158.0.0/15 exact;
route-filter 208.170.0.0/15 exact;
route-filter 208.134.0.0/15 exact;
route-filter 206.30.0.0/15 exact;
route-filter 208.136.0.0/15 exact;
route-filter 66.100.0.0/15 exact;
route-filter 208.128.0.0/15 exact;
route-filter 205.218.0.0/15 exact;
route-filter 207.0.0.0/15 exact;
route-filter 205.138.0.0/15 exact;
route-filter 206.26.0.0/15 exact;
route-filter 206.100.0.0/14 exact;
route-filter 216.88.0.0/14 exact;
route-filter 64.240.0.0/14 exact;
route-filter 208.140.0.0/14 exact;
route-filter 216.32.0.0/14 exact;
route-filter 208.152.0.0/14 exact;
route-filter 208.144.0.0/13 exact;
}
then accept;
}
term two {
from {
route-filter 199.242.24.0/23 longer reject;
route-filter 206.220.224.0/22 longer reject;
route-filter 209.27.56.0/22 longer reject;
route-filter 206.128.220.0/22 longer reject;
route-filter 204.188.128.0/21 longer reject;
route-filter 207.189.88.0/21 longer reject;
route-filter 206.154.56.0/21 longer reject;
route-filter 63.136.120.0/21 longer reject;
route-filter 206.99.112.0/21 longer reject;
route-filter 206.97.16.0/21 longer reject;
route-filter 208.138.160.0/21 longer reject;
route-filter 208.157.152.0/21 longer reject;
route-filter 199.242.16.0/21 longer reject;
route-filter 206.128.208.0/21 longer reject;
route-filter 204.194.8.0/21 longer reject;
route-filter 209.143.192.0/20 longer reject;
route-filter 216.118.192.0/20 longer reject;
route-filter 206.97.0.0/20 longer reject;
route-filter 66.128.224.0/20 longer reject;
route-filter 66.128.64.0/20 longer reject;
route-filter 206.28.160.0/20 longer reject;
route-filter 216.144.64.0/20 longer reject;
route-filter 206.151.32.0/20 longer reject;
route-filter 216.182.160.0/20 longer reject;
route-filter 216.182.64.0/20 longer reject;
route-filter 216.19.160.0/20 longer reject;
route-filter 216.219.64.0/20 longer reject;
route-filter 216.219.96.0/20 longer reject;
route-filter 206.132.32.0/20 longer reject;
route-filter 216.224.96.0/20 longer reject;
route-filter 205.140.160.0/20 longer reject;
route-filter 216.227.224.0/20 longer reject;
route-filter 206.154.32.0/20 longer reject;
route-filter 216.39.32.0/20 longer reject;
route-filter 216.39.96.0/20 longer reject;
route-filter 216.48.64.0/20 longer reject;
route-filter 216.69.224.0/20 longer reject;
route-filter 64.15.192.0/20 longer reject;
route-filter 216.227.192.0/20 longer reject;
route-filter 216.14.160.0/20 longer reject;
route-filter 64.209.128.0/20 longer reject;
route-filter 64.209.192.0/20 longer reject;
route-filter 206.29.128.0/20 longer reject;
route-filter 64.253.192.0/20 longer reject;
route-filter 206.132.144.0/20 longer reject;
route-filter 64.27.160.0/20 longer reject;
route-filter 64.56.192.0/20 longer reject;
route-filter 64.70.96.0/20 longer reject;
route-filter 64.79.160.0/20 longer reject;
route-filter 208.138.0.0/20 longer reject;
route-filter 208.138.176.0/20 longer reject;
route-filter 64.89.32.0/20 longer reject;
route-filter 64.92.160.0/20 longer reject;
route-filter 208.157.128.0/20 longer reject;
route-filter 207.189.64.0/20 longer reject;
route-filter 206.99.96.0/20 longer reject;
route-filter 209.27.32.0/20 longer reject;
route-filter 204.188.144.0/20 longer reject;
route-filter 63.136.96.0/20 longer reject;
route-filter 208.167.208.0/20 longer reject;
route-filter 66.119.32.0/20 longer reject;
route-filter 208.48.208.0/20 longer reject;
route-filter 206.97.32.0/19 longer reject;
route-filter 64.209.224.0/19 longer reject;
route-filter 199.217.64.0/19 longer reject;
route-filter 213.174.192.0/19 longer reject;
route-filter 166.63.128.0/19 longer reject;
route-filter 206.28.128.0/19 longer reject;
route-filter 206.153.64.0/19 longer reject;
route-filter 207.50.160.0/19 longer reject;
route-filter 205.140.128.0/19 longer reject;
route-filter 206.132.0.0/19 longer reject;
route-filter 64.209.160.0/19 longer reject;
route-filter 208.168.192.0/19 longer reject;
route-filter 209.27.0.0/19 longer reject;
route-filter 64.15.224.0/19 longer reject;
route-filter 64.15.160.0/19 longer reject;
route-filter 216.64.192.0/19 longer reject;
route-filter 206.40.64.0/19 longer reject;
route-filter 206.154.0.0/19 longer reject;
route-filter 208.169.96.0/19 longer reject;
route-filter 208.175.192.0/19 longer reject;
route-filter 206.99.64.0/19 longer reject;
route-filter 208.163.0.0/19 longer reject;
route-filter 212.124.224.0/19 longer reject;
route-filter 208.138.128.0/19 longer reject;
route-filter 207.2.64.0/19 longer reject;
route-filter 208.166.0.0/19 longer reject;
route-filter 206.24.160.0/19 longer reject;
route-filter 208.175.160.0/19 longer reject;
route-filter 66.37.192.0/19 longer reject;
route-filter 206.151.0.0/19 longer reject;
route-filter 216.39.64.0/19 longer reject;
route-filter 205.217.192.0/19 longer reject;
route-filter 216.19.128.0/19 longer reject;
route-filter 216.182.192.0/19 longer reject;
route-filter 206.128.224.0/19 longer reject;
route-filter 216.177.64.0/19 longer reject;
route-filter 216.109.64.0/19 longer reject;
route-filter 216.104.224.0/19 longer reject;
route-filter 209.225.64.0/19 longer reject;
route-filter 209.143.224.0/19 longer reject;
route-filter 204.188.160.0/19 longer reject;
route-filter 206.96.96.0/19 longer reject;
route-filter 209.16.192.0/19 longer reject;
route-filter 82.118.64.0/19 longer reject;
route-filter 206.128.0.0/19 longer reject;
route-filter 206.40.128.0/19 longer reject;
route-filter 208.132.64.0/19 longer reject;
route-filter 64.210.160.0/19 longer reject;
route-filter 64.211.224.0/19 longer reject;
route-filter 64.22.128.0/19 longer reject;
route-filter 64.28.64.0/19 longer reject;
route-filter 64.39.32.0/19 longer reject;
route-filter 64.58.64.0/19 longer reject;
route-filter 64.68.64.0/19 longer reject;
route-filter 64.70.64.0/19 longer reject;
route-filter 63.136.64.0/19 longer reject;
route-filter 208.163.64.0/18 longer reject;
route-filter 208.173.128.0/18 longer reject;
route-filter 205.140.192.0/18 longer reject;
route-filter 206.97.64.0/18 longer reject;
route-filter 208.169.0.0/18 longer reject;
route-filter 207.50.192.0/18 longer reject;
route-filter 209.44.0.0/18 longer reject;
route-filter 206.24.192.0/18 longer reject;
route-filter 206.99.0.0/18 longer reject;
route-filter 208.168.128.0/18 longer reject;
route-filter 206.128.128.0/18 longer reject;
route-filter 206.151.64.0/18 longer reject;
route-filter 206.153.0.0/18 longer reject;
route-filter 208.132.0.0/18 longer reject;
route-filter 208.48.64.0/18 longer reject;
route-filter 208.50.128.0/18 longer reject;
route-filter 209.202.128.0/18 longer reject;
route-filter 209.225.0.0/18 longer reject;
route-filter 208.138.192.0/18 longer reject;
route-filter 208.138.64.0/18 longer reject;
route-filter 208.157.192.0/18 longer reject;
route-filter 205.217.128.0/18 longer reject;
route-filter 207.2.0.0/18 longer reject;
route-filter 216.74.128.0/18 longer reject;
route-filter 66.35.192.0/18 longer reject;
route-filter 64.210.192.0/18 longer reject;
route-filter 64.85.64.0/18 longer reject;
route-filter 206.28.192.0/18 longer reject;
route-filter 209.27.64.0/18 longer reject;
route-filter 208.167.128.0/18 longer reject;
route-filter 64.37.192.0/18 longer reject;
route-filter 206.96.0.0/18 longer reject;
route-filter 206.29.192.0/18 longer reject;
route-filter 206.154.64.0/18 longer reject;
route-filter 64.70.0.0/18 longer reject;
route-filter 208.131.192.0/18 longer reject;
route-filter 63.136.0.0/18 longer reject;
route-filter 64.75.0.0/18 longer reject;
route-filter 208.166.64.0/18 longer reject;
route-filter 209.83.128.0/17 longer reject;
route-filter 207.50.0.0/17 longer reject;
route-filter 167.216.128.0/17 longer reject;
route-filter 146.135.0.0/17 longer reject;
route-filter 205.217.0.0/17 longer reject;
route-filter 208.168.0.0/17 longer reject;
route-filter 206.28.0.0/17 longer reject;
route-filter 206.29.0.0/17 longer reject;
route-filter 208.169.128.0/17 longer reject;
route-filter 206.154.128.0/17 longer reject;
route-filter 166.49.0.0/17 longer reject;
route-filter 207.2.128.0/17 longer reject;
route-filter 206.97.128.0/17 longer reject;
route-filter 205.140.0.0/17 longer reject;
route-filter 206.153.128.0/17 longer reject;
route-filter 208.132.128.0/17 longer reject;
route-filter 208.163.128.0/17 longer reject;
route-filter 206.96.128.0/17 longer reject;
route-filter 208.173.0.0/17 longer reject;
route-filter 209.102.0.0/17 longer reject;
route-filter 208.175.0.0/17 longer reject;
route-filter 63.136.128.0/17 longer reject;
route-filter 209.25.0.0/17 longer reject;
route-filter 208.157.0.0/17 longer reject;
route-filter 208.166.128.0/17 longer reject;
route-filter 67.54.0.0/17 longer reject;
route-filter 64.41.128.0/17 longer reject;
route-filter 209.27.128.0/17 longer reject;
route-filter 206.151.128.0/17 longer reject;
route-filter 208.167.0.0/17 longer reject;
route-filter 204.188.0.0/17 longer reject;
route-filter 206.24.0.0/17 longer reject;
route-filter 208.131.0.0/17 longer reject;
route-filter 216.136.128.0/17 longer reject;
route-filter 206.99.128.0/17 longer reject;
route-filter 204.189.0.0/16 longer reject;
route-filter 206.79.0.0/16 longer reject;
route-filter 208.162.0.0/16 longer reject;
route-filter 207.82.0.0/16 longer reject;
route-filter 207.149.0.0/16 longer reject;
route-filter 209.176.0.0/16 longer reject;
route-filter 206.142.0.0/16 longer reject;
route-filter 205.136.0.0/16 longer reject;
route-filter 64.14.0.0/16 longer reject;
route-filter 207.124.0.0/16 longer reject;
route-filter 207.3.0.0/16 longer reject;
route-filter 209.1.0.0/16 longer reject;
route-filter 208.156.0.0/16 longer reject;
route-filter 206.129.0.0/16 longer reject;
route-filter 208.139.0.0/16 longer reject;
route-filter 209.223.0.0/16 longer reject;
route-filter 209.144.0.0/16 longer reject;
route-filter 209.185.0.0/16 longer reject;
route-filter 206.98.0.0/16 longer reject;
route-filter 206.150.0.0/16 longer reject;
route-filter 206.152.0.0/16 longer reject;
route-filter 209.67.0.0/16 longer reject;
route-filter 206.155.0.0/16 longer reject;
route-filter 207.51.0.0/16 longer reject;
route-filter 208.130.0.0/16 longer reject;
route-filter 63.137.0.0/16 longer reject;
route-filter 206.25.0.0/16 longer reject;
route-filter 208.133.0.0/16 longer reject;
route-filter 165.193.0.0/16 longer reject;
route-filter 167.215.0.0/16 longer reject;
route-filter 208.172.0.0/16 longer reject;
route-filter 205.216.0.0/16 longer reject;
route-filter 208.174.0.0/16 longer reject;
route-filter 207.48.0.0/15 longer reject;
route-filter 208.160.0.0/15 longer reject;
route-filter 63.128.0.0/15 longer reject;
route-filter 208.164.0.0/15 longer reject;
route-filter 204.70.0.0/15 longer reject;
route-filter 206.156.0.0/15 longer reject;
route-filter 208.158.0.0/15 longer reject;
route-filter 208.170.0.0/15 longer reject;
route-filter 208.134.0.0/15 longer reject;
route-filter 206.30.0.0/15 longer reject;
route-filter 208.136.0.0/15 longer reject;
route-filter 66.100.0.0/15 longer reject;
route-filter 208.128.0.0/15 longer reject;
route-filter 205.218.0.0/15 longer reject;
route-filter 207.0.0.0/15 longer reject;
route-filter 205.138.0.0/15 longer reject;
route-filter 206.26.0.0/15 longer reject;
route-filter 206.100.0.0/14 longer reject;
route-filter 216.88.0.0/14 longer reject;
route-filter 64.240.0.0/14 longer reject;
route-filter 208.140.0.0/14 longer reject;
route-filter 216.32.0.0/14 longer reject;
route-filter 208.152.0.0/14 longer reject;
route-filter 208.144.0.0/13 longer reject;
}
then next policy;
}
}
policy-statement find-specifics {
term accept-specifics {
from {
route-filter 199.242.24.0/23 longer accept;
route-filter 206.220.224.0/22 longer accept;
route-filter 209.27.56.0/22 longer accept;
route-filter 206.128.220.0/22 longer accept;
route-filter 204.188.128.0/21 longer accept;
route-filter 207.189.88.0/21 longer accept;
route-filter 206.154.56.0/21 longer accept;
route-filter 63.136.120.0/21 longer accept;
route-filter 206.99.112.0/21 longer accept;
route-filter 206.97.16.0/21 longer accept;
route-filter 208.138.160.0/21 longer accept;
route-filter 208.157.152.0/21 longer accept;
route-filter 199.242.16.0/21 longer accept;
route-filter 206.128.208.0/21 longer accept;
route-filter 204.194.8.0/21 longer accept;
route-filter 209.143.192.0/20 longer accept;
route-filter 216.118.192.0/20 longer accept;
route-filter 206.97.0.0/20 longer accept;
route-filter 66.128.224.0/20 longer accept;
route-filter 66.128.64.0/20 longer accept;
route-filter 206.28.160.0/20 longer accept;
route-filter 216.144.64.0/20 longer accept;
route-filter 206.151.32.0/20 longer accept;
route-filter 216.182.160.0/20 longer accept;
route-filter 216.182.64.0/20 longer accept;
route-filter 216.19.160.0/20 longer accept;
route-filter 216.219.64.0/20 longer accept;
route-filter 216.219.96.0/20 longer accept;
route-filter 206.132.32.0/20 longer accept;
route-filter 216.224.96.0/20 longer accept;
route-filter 205.140.160.0/20 longer accept;
route-filter 216.227.224.0/20 longer accept;
route-filter 206.154.32.0/20 longer accept;
route-filter 216.39.32.0/20 longer accept;
route-filter 216.39.96.0/20 longer accept;
route-filter 216.48.64.0/20 longer accept;
route-filter 216.69.224.0/20 longer accept;
route-filter 64.15.192.0/20 longer accept;
route-filter 216.227.192.0/20 longer accept;
route-filter 216.14.160.0/20 longer accept;
route-filter 64.209.128.0/20 longer accept;
route-filter 64.209.192.0/20 longer accept;
route-filter 206.29.128.0/20 longer accept;
route-filter 64.253.192.0/20 longer accept;
route-filter 206.132.144.0/20 longer accept;
route-filter 64.27.160.0/20 longer accept;
route-filter 64.56.192.0/20 longer accept;
route-filter 64.70.96.0/20 longer accept;
route-filter 64.79.160.0/20 longer accept;
route-filter 208.138.0.0/20 longer accept;
route-filter 208.138.176.0/20 longer accept;
route-filter 64.89.32.0/20 longer accept;
route-filter 64.92.160.0/20 longer accept;
route-filter 208.157.128.0/20 longer accept;
route-filter 207.189.64.0/20 longer accept;
route-filter 206.99.96.0/20 longer accept;
route-filter 209.27.32.0/20 longer accept;
route-filter 204.188.144.0/20 longer accept;
route-filter 63.136.96.0/20 longer accept;
route-filter 208.167.208.0/20 longer accept;
route-filter 66.119.32.0/20 longer accept;
route-filter 208.48.208.0/20 longer accept;
route-filter 206.97.32.0/19 longer accept;
route-filter 64.209.224.0/19 longer accept;
route-filter 199.217.64.0/19 longer accept;
route-filter 213.174.192.0/19 longer accept;
route-filter 166.63.128.0/19 longer accept;
route-filter 206.28.128.0/19 longer accept;
route-filter 206.153.64.0/19 longer accept;
route-filter 207.50.160.0/19 longer accept;
route-filter 205.140.128.0/19 longer accept;
route-filter 206.132.0.0/19 longer accept;
route-filter 64.209.160.0/19 longer accept;
route-filter 208.168.192.0/19 longer accept;
route-filter 209.27.0.0/19 longer accept;
route-filter 64.15.224.0/19 longer accept;
route-filter 64.15.160.0/19 longer accept;
route-filter 216.64.192.0/19 longer accept;
route-filter 206.40.64.0/19 longer accept;
route-filter 206.154.0.0/19 longer accept;
route-filter 208.169.96.0/19 longer accept;
route-filter 208.175.192.0/19 longer accept;
route-filter 206.99.64.0/19 longer accept;
route-filter 208.163.0.0/19 longer accept;
route-filter 212.124.224.0/19 longer accept;
route-filter 208.138.128.0/19 longer accept;
route-filter 207.2.64.0/19 longer accept;
route-filter 208.166.0.0/19 longer accept;
route-filter 206.24.160.0/19 longer accept;
route-filter 208.175.160.0/19 longer accept;
route-filter 66.37.192.0/19 longer accept;
route-filter 206.151.0.0/19 longer accept;
route-filter 216.39.64.0/19 longer accept;
route-filter 205.217.192.0/19 longer accept;
route-filter 216.19.128.0/19 longer accept;
route-filter 216.182.192.0/19 longer accept;
route-filter 206.128.224.0/19 longer accept;
route-filter 216.177.64.0/19 longer accept;
route-filter 216.109.64.0/19 longer accept;
route-filter 216.104.224.0/19 longer accept;
route-filter 209.225.64.0/19 longer accept;
route-filter 209.143.224.0/19 longer accept;
route-filter 204.188.160.0/19 longer accept;
route-filter 206.96.96.0/19 longer accept;
route-filter 209.16.192.0/19 longer accept;
route-filter 82.118.64.0/19 longer accept;
route-filter 206.128.0.0/19 longer accept;
route-filter 206.40.128.0/19 longer accept;
route-filter 208.132.64.0/19 longer accept;
route-filter 64.210.160.0/19 longer accept;
route-filter 64.211.224.0/19 longer accept;
route-filter 64.22.128.0/19 longer accept;
route-filter 64.28.64.0/19 longer accept;
route-filter 64.39.32.0/19 longer accept;
route-filter 64.58.64.0/19 longer accept;
route-filter 64.68.64.0/19 longer accept;
route-filter 64.70.64.0/19 longer accept;
route-filter 63.136.64.0/19 longer accept;
route-filter 208.163.64.0/18 longer accept;
route-filter 208.173.128.0/18 longer accept;
route-filter 205.140.192.0/18 longer accept;
route-filter 206.97.64.0/18 longer accept;
route-filter 208.169.0.0/18 longer accept;
route-filter 207.50.192.0/18 longer accept;
route-filter 209.44.0.0/18 longer accept;
route-filter 206.24.192.0/18 longer accept;
route-filter 206.99.0.0/18 longer accept;
route-filter 208.168.128.0/18 longer accept;
route-filter 206.128.128.0/18 longer accept;
route-filter 206.151.64.0/18 longer accept;
route-filter 206.153.0.0/18 longer accept;
route-filter 208.132.0.0/18 longer accept;
route-filter 208.48.64.0/18 longer accept;
route-filter 208.50.128.0/18 longer accept;
route-filter 209.202.128.0/18 longer accept;
route-filter 209.225.0.0/18 longer accept;
route-filter 208.138.192.0/18 longer accept;
route-filter 208.138.64.0/18 longer accept;
route-filter 208.157.192.0/18 longer accept;
route-filter 205.217.128.0/18 longer accept;
route-filter 207.2.0.0/18 longer accept;
route-filter 216.74.128.0/18 longer accept;
route-filter 66.35.192.0/18 longer accept;
route-filter 64.210.192.0/18 longer accept;
route-filter 64.85.64.0/18 longer accept;
route-filter 206.28.192.0/18 longer accept;
route-filter 209.27.64.0/18 longer accept;
route-filter 208.167.128.0/18 longer accept;
route-filter 64.37.192.0/18 longer accept;
route-filter 206.96.0.0/18 longer accept;
route-filter 206.29.192.0/18 longer accept;
route-filter 206.154.64.0/18 longer accept;
route-filter 64.70.0.0/18 longer accept;
route-filter 208.131.192.0/18 longer accept;
route-filter 63.136.0.0/18 longer accept;
route-filter 64.75.0.0/18 longer accept;
route-filter 208.166.64.0/18 longer accept;
route-filter 209.83.128.0/17 longer accept;
route-filter 207.50.0.0/17 longer accept;
route-filter 167.216.128.0/17 longer accept;
route-filter 146.135.0.0/17 longer accept;
route-filter 205.217.0.0/17 longer accept;
route-filter 208.168.0.0/17 longer accept;
route-filter 206.28.0.0/17 longer accept;
route-filter 206.29.0.0/17 longer accept;
route-filter 208.169.128.0/17 longer accept;
route-filter 206.154.128.0/17 longer accept;
route-filter 166.49.0.0/17 longer accept;
route-filter 207.2.128.0/17 longer accept;
route-filter 206.97.128.0/17 longer accept;
route-filter 205.140.0.0/17 longer accept;
route-filter 206.153.128.0/17 longer accept;
route-filter 208.132.128.0/17 longer accept;
route-filter 208.163.128.0/17 longer accept;
route-filter 206.96.128.0/17 longer accept;
route-filter 208.173.0.0/17 longer accept;
route-filter 209.102.0.0/17 longer accept;
route-filter 208.175.0.0/17 longer accept;
route-filter 63.136.128.0/17 longer accept;
route-filter 209.25.0.0/17 longer accept;
route-filter 208.157.0.0/17 longer accept;
route-filter 208.166.128.0/17 longer accept;
route-filter 67.54.0.0/17 longer accept;
route-filter 64.41.128.0/17 longer accept;
route-filter 209.27.128.0/17 longer accept;
route-filter 206.151.128.0/17 longer accept;
route-filter 208.167.0.0/17 longer accept;
route-filter 204.188.0.0/17 longer accept;
route-filter 206.24.0.0/17 longer accept;
route-filter 208.131.0.0/17 longer accept;
route-filter 216.136.128.0/17 longer accept;
route-filter 206.99.128.0/17 longer accept;
route-filter 204.189.0.0/16 longer accept;
route-filter 206.79.0.0/16 longer accept;
route-filter 208.162.0.0/16 longer accept;
route-filter 207.82.0.0/16 longer accept;
route-filter 207.149.0.0/16 longer accept;
route-filter 209.176.0.0/16 longer accept;
route-filter 206.142.0.0/16 longer accept;
route-filter 205.136.0.0/16 longer accept;
route-filter 64.14.0.0/16 longer accept;
route-filter 207.124.0.0/16 longer accept;
route-filter 207.3.0.0/16 longer accept;
route-filter 209.1.0.0/16 longer accept;
route-filter 208.156.0.0/16 longer accept;
route-filter 206.129.0.0/16 longer accept;
route-filter 208.139.0.0/16 longer accept;
route-filter 209.223.0.0/16 longer accept;
route-filter 209.144.0.0/16 longer accept;
route-filter 209.185.0.0/16 longer accept;
route-filter 206.98.0.0/16 longer accept;
route-filter 206.150.0.0/16 longer accept;
route-filter 206.152.0.0/16 longer accept;
route-filter 209.67.0.0/16 longer accept;
route-filter 206.155.0.0/16 longer accept;
route-filter 207.51.0.0/16 longer accept;
route-filter 208.130.0.0/16 longer accept;
route-filter 63.137.0.0/16 longer accept;
route-filter 206.25.0.0/16 longer accept;
route-filter 208.133.0.0/16 longer accept;
route-filter 165.193.0.0/16 longer accept;
route-filter 167.215.0.0/16 longer accept;
route-filter 208.172.0.0/16 longer accept;
route-filter 205.216.0.0/16 longer accept;
route-filter 208.174.0.0/16 longer accept;
route-filter 207.48.0.0/15 longer accept;
route-filter 208.160.0.0/15 longer accept;
route-filter 63.128.0.0/15 longer accept;
route-filter 208.164.0.0/15 longer accept;
route-filter 204.70.0.0/15 longer accept;
route-filter 206.156.0.0/15 longer accept;
route-filter 208.158.0.0/15 longer accept;
route-filter 208.170.0.0/15 longer accept;
route-filter 208.134.0.0/15 longer accept;
route-filter 206.30.0.0/15 longer accept;
route-filter 208.136.0.0/15 longer accept;
route-filter 66.100.0.0/15 longer accept;
route-filter 208.128.0.0/15 longer accept;
route-filter 205.218.0.0/15 longer accept;
route-filter 207.0.0.0/15 longer accept;
route-filter 205.138.0.0/15 longer accept;
route-filter 206.26.0.0/15 longer accept;
route-filter 206.100.0.0/14 longer accept;
route-filter 216.88.0.0/14 longer accept;
route-filter 64.240.0.0/14 longer accept;
route-filter 208.140.0.0/14 longer accept;
route-filter 216.32.0.0/14 longer accept;
route-filter 208.152.0.0/14 longer accept;
route-filter 208.144.0.0/13 longer accept;
}
}
term reject-others {
then reject;
}
}
policy-statement export-customer-routes-glbl {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-customer {
from community comm-customer;
then {
community delete comm-wild;
accept;
}
}
term comm-peer {
from community comm-peer;
then reject;
}
then {
community delete comm-wild;
next policy;
}
}
policy-statement export-customer-routes-glbl-comm {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-customer {
from community comm-customer;
then accept;
}
term comm-peer {
from community comm-peer;
then reject;
}
then next policy;
}
policy-statement export-full-routes-comm {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-customer {
from community comm-customer;
then accept;
}
term comm-peer {
from community comm-peer;
then accept;
}
then next policy;
}
policy-statement set-peer-local-pref-100-RNA {
then {
local-preference 100;
community set comm-RNA-peer;
}
}
policy-statement set-peer-local-pref-RNA {
then {
metric 128;
local-preference 80;
community set comm-RNA-peer;
}
}
policy-statement per-flow-load-balancing {
term 1 {
from {
route-filter 208.174.15.0/24 orlonger;
}
}
then {
load-balance per-packet;
}
}
policy-statement default-originate {
term 1 {
from {
route-filter 0.0.0.0/0 exact accept;
}
}
term 2 {
then next policy;
}
}
policy-statement export-backbone-routes {
term one {
from {
route-filter 199.242.24.0/23 exact;
route-filter 206.220.224.0/22 exact;
route-filter 209.27.56.0/22 exact;
route-filter 206.128.220.0/22 exact;
route-filter 204.188.128.0/21 exact;
route-filter 207.189.88.0/21 exact;
route-filter 206.154.56.0/21 exact;
route-filter 63.136.120.0/21 exact;
route-filter 206.99.112.0/21 exact;
route-filter 206.97.16.0/21 exact;
route-filter 208.138.160.0/21 exact;
route-filter 208.157.152.0/21 exact;
route-filter 199.242.16.0/21 exact;
route-filter 206.128.208.0/21 exact;
route-filter 204.194.8.0/21 exact;
route-filter 209.143.192.0/20 exact;
route-filter 216.118.192.0/20 exact;
route-filter 206.97.0.0/20 exact;
route-filter 66.128.224.0/20 exact;
route-filter 66.128.64.0/20 exact;
route-filter 206.28.160.0/20 exact;
route-filter 216.144.64.0/20 exact;
route-filter 206.151.32.0/20 exact;
route-filter 216.182.160.0/20 exact;
route-filter 216.182.64.0/20 exact;
route-filter 216.19.160.0/20 exact;
route-filter 216.219.64.0/20 exact;
route-filter 216.219.96.0/20 exact;
route-filter 206.132.32.0/20 exact;
route-filter 216.224.96.0/20 exact;
route-filter 205.140.160.0/20 exact;
route-filter 216.227.224.0/20 exact;
route-filter 206.154.32.0/20 exact;
route-filter 216.39.32.0/20 exact;
route-filter 216.39.96.0/20 exact;
route-filter 216.48.64.0/20 exact;
route-filter 216.69.224.0/20 exact;
route-filter 64.15.192.0/20 exact;
route-filter 216.227.192.0/20 exact;
route-filter 216.14.160.0/20 exact;
route-filter 64.209.128.0/20 exact;
route-filter 64.209.192.0/20 exact;
route-filter 206.29.128.0/20 exact;
route-filter 64.253.192.0/20 exact;
route-filter 206.132.144.0/20 exact;
route-filter 64.27.160.0/20 exact;
route-filter 64.56.192.0/20 exact;
route-filter 64.70.96.0/20 exact;
route-filter 64.79.160.0/20 exact;
route-filter 208.138.0.0/20 exact;
route-filter 208.138.176.0/20 exact;
route-filter 64.89.32.0/20 exact;
route-filter 64.92.160.0/20 exact;
route-filter 208.157.128.0/20 exact;
route-filter 207.189.64.0/20 exact;
route-filter 206.99.96.0/20 exact;
route-filter 209.27.32.0/20 exact;
route-filter 204.188.144.0/20 exact;
route-filter 63.136.96.0/20 exact;
route-filter 208.167.208.0/20 exact;
route-filter 66.119.32.0/20 exact;
route-filter 208.48.208.0/20 exact;
route-filter 206.97.32.0/19 exact;
route-filter 64.209.224.0/19 exact;
route-filter 199.217.64.0/19 exact;
route-filter 213.174.192.0/19 exact;
route-filter 166.63.128.0/19 exact;
route-filter 206.28.128.0/19 exact;
route-filter 206.153.64.0/19 exact;
route-filter 207.50.160.0/19 exact;
route-filter 205.140.128.0/19 exact;
route-filter 206.132.0.0/19 exact;
route-filter 64.209.160.0/19 exact;
route-filter 208.168.192.0/19 exact;
route-filter 209.27.0.0/19 exact;
route-filter 64.15.224.0/19 exact;
route-filter 64.15.160.0/19 exact;
route-filter 216.64.192.0/19 exact;
route-filter 206.40.64.0/19 exact;
route-filter 206.154.0.0/19 exact;
route-filter 208.169.96.0/19 exact;
route-filter 208.175.192.0/19 exact;
route-filter 206.99.64.0/19 exact;
route-filter 208.163.0.0/19 exact;
route-filter 212.124.224.0/19 exact;
route-filter 208.138.128.0/19 exact;
route-filter 207.2.64.0/19 exact;
route-filter 208.166.0.0/19 exact;
route-filter 206.24.160.0/19 exact;
route-filter 208.175.160.0/19 exact;
route-filter 66.37.192.0/19 exact;
route-filter 206.151.0.0/19 exact;
route-filter 216.39.64.0/19 exact;
route-filter 205.217.192.0/19 exact;
route-filter 216.19.128.0/19 exact;
route-filter 216.182.192.0/19 exact;
route-filter 206.128.224.0/19 exact;
route-filter 216.177.64.0/19 exact;
route-filter 216.109.64.0/19 exact;
route-filter 216.104.224.0/19 exact;
route-filter 209.225.64.0/19 exact;
route-filter 209.143.224.0/19 exact;
route-filter 204.188.160.0/19 exact;
route-filter 206.96.96.0/19 exact;
route-filter 209.16.192.0/19 exact;
route-filter 82.118.64.0/19 exact;
route-filter 206.128.0.0/19 exact;
route-filter 206.40.128.0/19 exact;
route-filter 208.132.64.0/19 exact;
route-filter 64.210.160.0/19 exact;
route-filter 64.211.224.0/19 exact;
route-filter 64.22.128.0/19 exact;
route-filter 64.28.64.0/19 exact;
route-filter 64.39.32.0/19 exact;
route-filter 64.58.64.0/19 exact;
route-filter 64.68.64.0/19 exact;
route-filter 64.70.64.0/19 exact;
route-filter 63.136.64.0/19 exact;
route-filter 208.163.64.0/18 exact;
route-filter 208.173.128.0/18 exact;
route-filter 205.140.192.0/18 exact;
route-filter 206.97.64.0/18 exact;
route-filter 208.169.0.0/18 exact;
route-filter 207.50.192.0/18 exact;
route-filter 209.44.0.0/18 exact;
route-filter 206.24.192.0/18 exact;
route-filter 206.99.0.0/18 exact;
route-filter 208.168.128.0/18 exact;
route-filter 206.128.128.0/18 exact;
route-filter 206.151.64.0/18 exact;
route-filter 206.153.0.0/18 exact;
route-filter 208.132.0.0/18 exact;
route-filter 208.48.64.0/18 exact;
route-filter 208.50.128.0/18 exact;
route-filter 209.202.128.0/18 exact;
route-filter 209.225.0.0/18 exact;
route-filter 208.138.192.0/18 exact;
route-filter 208.138.64.0/18 exact;
route-filter 208.157.192.0/18 exact;
route-filter 205.217.128.0/18 exact;
route-filter 207.2.0.0/18 exact;
route-filter 216.74.128.0/18 exact;
route-filter 66.35.192.0/18 exact;
route-filter 64.210.192.0/18 exact;
route-filter 64.85.64.0/18 exact;
route-filter 206.28.192.0/18 exact;
route-filter 209.27.64.0/18 exact;
route-filter 208.167.128.0/18 exact;
route-filter 64.37.192.0/18 exact;
route-filter 206.96.0.0/18 exact;
route-filter 206.29.192.0/18 exact;
route-filter 206.154.64.0/18 exact;
route-filter 64.70.0.0/18 exact;
route-filter 208.131.192.0/18 exact;
route-filter 63.136.0.0/18 exact;
route-filter 64.75.0.0/18 exact;
route-filter 208.166.64.0/18 exact;
route-filter 209.83.128.0/17 exact;
route-filter 207.50.0.0/17 exact;
route-filter 167.216.128.0/17 exact;
route-filter 146.135.0.0/17 exact;
route-filter 205.217.0.0/17 exact;
route-filter 208.168.0.0/17 exact;
route-filter 206.28.0.0/17 exact;
route-filter 206.29.0.0/17 exact;
route-filter 208.169.128.0/17 exact;
route-filter 206.154.128.0/17 exact;
route-filter 166.49.0.0/17 exact;
route-filter 207.2.128.0/17 exact;
route-filter 206.97.128.0/17 exact;
route-filter 205.140.0.0/17 exact;
route-filter 206.153.128.0/17 exact;
route-filter 208.132.128.0/17 exact;
route-filter 208.163.128.0/17 exact;
route-filter 206.96.128.0/17 exact;
route-filter 208.173.0.0/17 exact;
route-filter 209.102.0.0/17 exact;
route-filter 208.175.0.0/17 exact;
route-filter 63.136.128.0/17 exact;
route-filter 209.25.0.0/17 exact;
route-filter 208.157.0.0/17 exact;
route-filter 208.166.128.0/17 exact;
route-filter 67.54.0.0/17 exact;
route-filter 64.41.128.0/17 exact;
route-filter 209.27.128.0/17 exact;
route-filter 206.151.128.0/17 exact;
route-filter 208.167.0.0/17 exact;
route-filter 204.188.0.0/17 exact;
route-filter 206.24.0.0/17 exact;
route-filter 208.131.0.0/17 exact;
route-filter 216.136.128.0/17 exact;
route-filter 206.99.128.0/17 exact;
route-filter 204.189.0.0/16 exact;
route-filter 206.79.0.0/16 exact;
route-filter 208.162.0.0/16 exact;
route-filter 207.82.0.0/16 exact;
route-filter 207.149.0.0/16 exact;
route-filter 209.176.0.0/16 exact;
route-filter 206.142.0.0/16 exact;
route-filter 205.136.0.0/16 exact;
route-filter 64.14.0.0/16 exact;
route-filter 207.124.0.0/16 exact;
route-filter 207.3.0.0/16 exact;
route-filter 209.1.0.0/16 exact;
route-filter 208.156.0.0/16 exact;
route-filter 206.129.0.0/16 exact;
route-filter 208.139.0.0/16 exact;
route-filter 209.223.0.0/16 exact;
route-filter 209.144.0.0/16 exact;
route-filter 209.185.0.0/16 exact;
route-filter 206.98.0.0/16 exact;
route-filter 206.150.0.0/16 exact;
route-filter 206.152.0.0/16 exact;
route-filter 209.67.0.0/16 exact;
route-filter 206.155.0.0/16 exact;
route-filter 207.51.0.0/16 exact;
route-filter 208.130.0.0/16 exact;
route-filter 63.137.0.0/16 exact;
route-filter 206.25.0.0/16 exact;
route-filter 208.133.0.0/16 exact;
route-filter 165.193.0.0/16 exact;
route-filter 167.215.0.0/16 exact;
route-filter 208.172.0.0/16 exact;
route-filter 205.216.0.0/16 exact;
route-filter 208.174.0.0/16 exact;
route-filter 207.48.0.0/15 exact;
route-filter 208.160.0.0/15 exact;
route-filter 63.128.0.0/15 exact;
route-filter 208.164.0.0/15 exact;
route-filter 204.70.0.0/15 exact;
route-filter 206.156.0.0/15 exact;
route-filter 208.158.0.0/15 exact;
route-filter 208.170.0.0/15 exact;
route-filter 208.134.0.0/15 exact;
route-filter 206.30.0.0/15 exact;
route-filter 208.136.0.0/15 exact;
route-filter 66.100.0.0/15 exact;
route-filter 208.128.0.0/15 exact;
route-filter 205.218.0.0/15 exact;
route-filter 207.0.0.0/15 exact;
route-filter 205.138.0.0/15 exact;
route-filter 206.26.0.0/15 exact;
route-filter 206.100.0.0/14 exact;
route-filter 216.88.0.0/14 exact;
route-filter 64.240.0.0/14 exact;
route-filter 208.140.0.0/14 exact;
route-filter 216.32.0.0/14 exact;
route-filter 208.152.0.0/14 exact;
route-filter 208.144.0.0/13 exact;
}
then accept;
}
term two {
then reject;
}
}
policy-statement deny-all {
then reject;
}
policy-statement set-customer-non-transit-local-pref-US {
term delete-community {
then {
community delete delete-cw-comm;
next term;
}
}
term comm-70 {
from community comm-70;
then {
local-preference 70;
community add comm-US-customer;
community add comm-no-peer;
next policy;
}
}
term comm-80 {
from community comm-80;
then {
local-preference 80;
community add comm-US-customer;
community add comm-no-peer;
next policy;
}
}
term comm-90 {
from community comm-90;
then {
local-preference 90;
community add comm-US-customer;
community add comm-no-peer;
next policy;
}
}
term comm-100 {
then {
local-preference 100;
community add comm-US-customer;
community add comm-no-peer;
next policy;
}
}
}
policy-statement ddostracking2 {
from community dos-victim2;
then destination-class dos-victim2;
}
policy-statement ddostracking3 {
from community dos-victim3;
then destination-class dos-victim3;
}
policy-statement set-customer-private-ASN-non-transit-local-pref {
term delete-community {
then {
community delete delete-cw-comm;
next term;
}
}
term comm-70 {
from community comm-70;
then {
local-preference 70;
community add comm-no-peer;
next policy;
}
}
term comm-80 {
from community comm-80;
then {
local-preference 80;
community add comm-no-peer;
next policy;
}
}
term comm-90 {
from community comm-90;
then {
local-preference 90;
community add comm-no-peer;
next policy;
}
}
term comm-100 {
then {
local-preference 100;
community add comm-no-peer;
next policy;
}
}
}
policy-statement set-customer-private-ASN-local-pref {
term delete-community {
then {
community delete delete-cw-comm;
next term;
}
}
term comm-70 {
from community comm-70;
then {
local-preference 70;
next policy;
}
}
term comm-80 {
from community comm-80;
then {
local-preference 80;
next policy;
}
}
term comm-90 {
from community comm-90;
then {
local-preference 90;
next policy;
}
}
term comm-100 {
then {
local-preference 100;
next policy;
}
}
}
policy-statement export-customer-routes-GB {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-customer {
from community comm-GB-customer;
then {
community delete comm-wild;
accept;
}
}
term comm-peer {
from community [ comm-peer comm-customer ];
then reject;
}
then {
community delete comm-wild;
next policy;
}
}
policy-statement export-customer-routes-GB-comm {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-customer {
from community comm-GB-customer;
then accept;
}
term comm-peer {
from community [ comm-peer comm-customer ];
then reject;
}
then next policy;
}
policy-statement set-customer-local-pref-GB {
term delete-community {
then {
community delete delete-cw-comm;
next term;
}
}
term comm-70 {
from community comm-70;
then {
local-preference 70;
community add comm-GB-customer;
next policy;
}
}
term comm-80 {
from community comm-80;
then {
local-preference 80;
community add comm-GB-customer;
next policy;
}
}
term comm-90 {
from community comm-90;
then {
local-preference 90;
community add comm-GB-customer;
next policy;
}
}
term comm-100 {
then {
local-preference 100;
community add comm-GB-customer;
next policy;
}
}
}
policy-statement export-customer-routes-REU {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-customer {
from community comm-REU-customer;
then {
community delete comm-wild;
accept;
}
}
term comm-peer {
from community [ comm-peer comm-customer ];
then reject;
}
then {
community delete comm-wild;
next policy;
}
}
policy-statement export-customer-routes-REU-comm {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-customer {
from community comm-REU-customer;
then accept;
}
term comm-peer {
from community [ comm-peer comm-customer ];
then reject;
}
then next policy;
}
policy-statement set-peer-local-pref-100-REU {
then {
local-preference 100;
community set comm-REU-peer;
}
}
policy-statement set-peer-local-pref-REU {
then {
metric 128;
local-preference 80;
community set comm-REU-peer;
}
}
policy-statement set-customer-non-transit-local-pref-GB {
term delete-community {
then {
community delete delete-cw-comm;
next term;
}
}
term comm-70 {
from community comm-70;
then {
local-preference 70;
community add comm-GB-customer;
community add comm-no-peer;
next policy;
}
}
term comm-80 {
from community comm-80;
then {
local-preference 80;
community add comm-GB-customer;
community add comm-no-peer;
next policy;
}
}
term comm-90 {
from community comm-90;
then {
local-preference 90;
community add comm-GB-customer;
community add comm-no-peer;
next policy;
}
}
term comm-100 {
then {
local-preference 100;
community add comm-GB-customer;
community add comm-no-peer;
next policy;
}
}
}
policy-statement announce-local {
term reject-default {
from {
route-filter 0.0.0.0/0 exact;
}
then reject;
}
term announce-local {
from {
route-filter 213.174.192.0/25 exact;
route-filter 213.174.192.208/29 exact;
route-filter 213.174.192.216/29 exact;
route-filter 213.174.193.0/28 exact;
route-filter 213.174.195.0/26 exact;
route-filter 213.174.195.112/28 exact;
route-filter 213.174.195.128/28 exact;
route-filter 213.174.195.176/28 exact;
route-filter 213.174.195.224/28 exact;
route-filter 213.174.196.0/28 exact;
route-filter 213.174.196.16/28 exact;
route-filter 213.174.196.32/28 exact;
route-filter 213.174.196.64/28 exact;
route-filter 213.174.196.96/28 exact;
route-filter 213.174.196.160/28 exact;
route-filter 213.174.196.176/28 exact;
route-filter 213.174.196.224/29 exact;
route-filter 213.174.196.240/28 exact;
route-filter 213.174.198.0/27 exact;
route-filter 213.174.198.32/27 exact;
route-filter 213.174.198.64/27 exact;
route-filter 213.174.198.192/29 exact;
route-filter 213.174.198.208/28 exact;
route-filter 213.174.198.240/29 exact;
route-filter 213.174.199.0/27 exact;
route-filter 213.174.199.64/27 exact;
route-filter 213.174.199.96/28 exact;
route-filter 213.174.199.128/29 exact;
route-filter 213.174.199.144/29 exact;
route-filter 213.174.199.160/27 exact;
route-filter 213.174.200.0/28 exact;
route-filter 213.174.200.80/28 exact;
route-filter 213.174.200.128/29 exact;
route-filter 213.174.200.144/28 exact;
route-filter 213.174.200.192/27 exact;
route-filter 213.174.201.96/28 exact;
route-filter 213.174.201.128/25 exact;
route-filter 213.174.202.160/27 exact;
route-filter 213.174.205.0/24 exact;
route-filter 213.174.207.116/32 exact;
route-filter 213.174.198.128/27 exact;
route-filter 213.174.199.224/27 exact;
route-filter 213.174.195.64/29 exact;
route-filter 213.174.202.128/27 exact;
route-filter 213.174.197.176/28 exact;
route-filter 213.174.200.32/28 exact;
route-filter 213.174.202.0/25 exact;
route-filter 212.124.244.0/26 exact;
route-filter 165.193.172.72/30 exact;
route-filter 213.174.195.72/29 exact;
route-filter 213.174.192.144/28 exact;
route-filter 213.174.200.224/28 exact;
route-filter 213.174.203.224/27 exact;
route-filter 213.174.196.232/29 exact;
route-filter 206.24.172.80/30 exact;
route-filter 213.174.197.240/28 exact;
route-filter 213.174.197.0/25 exact;
route-filter 212.117.224.192/26 exact;
route-filter 213.174.198.252/32 exact;
route-filter 213.174.198.253/32 exact;
route-filter 212.124.227.48/28 exact;
route-filter 212.124.251.160/28 exact;
route-filter 82.118.66.0/24 exact;
route-filter 82.118.67.0/24 exact;
route-filter 82.118.65.112/28 exact;
route-filter 213.174.199.48/29 exact;
route-filter 82.118.65.192/26 exact;
route-filter 82.118.71.0/27 exact;
route-filter 82.118.95.96/27 exact;
route-filter 212.124.251.176/28 exact;
route-filter 213.174.200.16/28 exact;
route-filter 212.117.224.0/26 exact;
route-filter 212.124.226.88/29 exact;
route-filter 82.118.71.64/26 exact;
route-filter 213.174.198.192/28 exact;
route-filter 206.24.172.144/28 exact;
route-filter 82.118.70.0/24 exact;
route-filter 82.118.65.104/29 exact;
route-filter 82.118.65.96/29 exact;
route-filter 212.124.252.112/28 exact;
route-filter 212.124.253.32/28 exact;
route-filter 206.24.172.192/26 exact;
route-filter 206.24.172.128/30 exact;
route-filter 206.24.172.132/30 exact;
route-filter 206.24.172.136/30 exact;
route-filter 212.124.227.160/27 exact;
route-filter 212.124.239.192/27 exact;
route-filter 212.117.224.112/28 exact;
route-filter 212.124.240.0/28 exact;
route-filter 216.219.74.0/23 exact;
route-filter 212.124.240.176/28 exact;
route-filter 212.124.236.32/29 exact;
route-filter 212.124.224.64/28 exact;
route-filter 212.124.241.208/28 exact;
route-filter 213.174.193.128/27 exact;
route-filter 212.124.241.240/28 exact;
route-filter 213.174.192.0/19 exact;
}
then {
next-hop self;
accept;
}
}
term backup-static {
from {
route-filter 213.174.195.80/28 exact;
route-filter 213.174.196.128/28 exact;
route-filter 213.174.196.192/28 exact;
route-filter 213.174.197.208/28 exact;
route-filter 213.174.200.96/28 exact;
route-filter 213.174.201.0/28 exact;
route-filter 213.174.201.32/32 exact;
route-filter 213.174.201.64/32 exact;
route-filter 213.174.202.192/27 exact;
route-filter 213.174.202.224/28 exact;
route-filter 213.174.197.128/27 exact;
route-filter 192.168.0.1/32 exact;
}
then {
local-preference 90;
next-hop self;
accept;
}
}
from {
route-filter 213.174.203.192/28 exact;
route-filter 213.174.198.184/29 exact;
route-filter 213.174.198.160/28 exact;
route-filter 213.174.196.112/28 exact;
route-filter 213.174.198.176/29 exact;
}
}
policy-statement deny-default {
term one {
from {
route-filter 0.0.0.0/0 exact reject;
}
}
}
policy-statement isis-tag {
term one {
from {
protocol isis;
tag 120;
}
then accept;
}
term two {
then reject;
}
}
policy-statement redistribute-direct {
term one {
from protocol direct;
then accept;
}
then reject;
}
policy-statement AS65530-DDoS {
term accept-DDoS {
from {
community dos-victim1;
route-filter 165.193.172.96/27 orlonger;
}
then {
local-preference 100;
community delete delete-cw-comm;
next-hop 206.24.194.51;
accept;
}
}
term next-policy {
then next policy;
}
}
policy-statement AS65530 {
term accept-prefix {
from {
route-filter 165.193.172.96/27 exact accept;
}
then accept;
}
term reject-rest {
then reject;
}
}
policy-statement set-comm-shasta {
term cntx04 {
from as-path shasta-cntx04;
then {
community set comm-shasta-cntx04;
next policy;
}
}
term shasta-cntx11 {
from as-path shasta-cntx11;
then {
community set comm-shasta-cntx11;
next policy;
}
}
term shasta-cntx12 {
from as-path shasta-cntx12;
then {
community set comm-shasta-cntx12;
next policy;
}
}
term shasta-cntx13 {
from as-path shasta-cntx13;
then {
community set comm-shasta-cntx13;
next policy;
}
}
term shasta-cntx14 {
from as-path shasta-cntx14;
then {
community set comm-shasta-cntx14;
next policy;
}
}
term shasta-cntx32 {
from as-path shasta-cntx32;
then {
community set comm-shasta-cntx32;
next policy;
}
}
}
policy-statement prefix-shasta {
term 10 {
from {
route-filter 82.118.93.0/24 orlonger;
route-filter 212.124.236.48/28 exact;
}
then {
damping none;
accept;
}
}
then reject;
}
policy-statement block-general-ldp-routes {
term one {
from {
route-filter 208.174.15.0/24 orlonger;
route-filter 209.83.159.0/24 orlonger;
}
then accept;
}
term two {
then reject;
}
}
policy-statement export-sec-loopback {
term one {
from {
route-filter 208.174.15.156/32 exact;
}
then accept;
}
term two {
then reject;
}
}
policy-statement DDoS {
term accept-DDoS {
from community dos-victim1;
then {
local-preference 100;
community delete delete-cw-comm;
next-hop 206.24.194.51;
accept;
}
}
term next-policy {
then next policy;
}
}
policy-statement export-peer-routes {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-peer {
from community comm-peer;
then {
community delete comm-wild;
accept;
}
}
term comm-customer {
from community comm-customer;
then reject;
}
then reject;
}
policy-statement export-peer-routes-comm {
term AS4293 {
from {
as-path as4293-routes;
policy find-specifics;
}
then reject;
}
term comm-peer {
from community comm-peer;
then accept;
}
term comm-customer {
from community comm-customer;
then reject;
}
then reject;
}
community AS2828-0 members 3561:30030;
community AS2828-1 members 3561:30031;
community AS2828-2 members 3561:30032;
community AS2828-3 members 3561:30033;
community AS2828-9 members 3561:30039;
community comm-70 members 3561:70;
community comm-80 members 3561:80;
community comm-90 members 3561:90;
community comm-GB-customer members 3561:12826;
community comm-REU-customer members 3561:12...;
community comm-REU-peer members 3561:22000;
community comm-RNA-customer members 3561:11...;
community comm-RNA-peer members 3561:21000;
community comm-US-customer members 3561:11840;
community comm-announce-only members 3561:30..9;
community comm-customer members 3561:1....;
community comm-no-export members no-export;
community comm-no-peer members 3561:30000;
community comm-peer members 3561:2....;
community comm-shasta-cntx04 members 3561:65090;
community comm-shasta-cntx11 members 3561:65091;
community comm-shasta-cntx12 members 3561:65092;
community comm-shasta-cntx13 members 3561:65093;
community comm-shasta-cntx14 members 3561:65094;
community comm-shasta-cntx32 members 3561:65095;
community comm-wild members *:*;
community delete-cw-comm members [ 3561:1.* 3561:2.* 3561:700 3561:701 ];
community dos-victim1 members 3561:666;
community dos-victim2 members 3561:700;
community dos-victim3 members 3561:701;
community guard-DDoS members 3561:6157;
as-path private-as ".* 64512-65535+ .*";
as-path swamp ".*(174|209|701|702|1239|1299|1668|2828|2914|3257|3300|3320|3356|3549|5511|6461|6762|7018|7132|8220).*";
as-path as4293-routes ".*(4293|64512-65535).*";
as-path shasta-cntx04 65090;
as-path shasta-cntx11 65091;
as-path shasta-cntx12 65092;
as-path shasta-cntx13 65093;
as-path shasta-cntx14 65094;
as-path shasta-cntx32 65095;
damping cisco {
reuse 1500;
suppress 4001;
}
damping none {
disable;
}
}
firewall {
policer limit-ssh {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 15k;
}
then discard;
}
policer limit-snmp {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 15k;
}
then discard;
}
policer limit-udp {
if-exceeding {
bandwidth-limit 2m;
burst-size-limit 15k;
}
then discard;
}
policer limit-ntp {
if-exceeding {
bandwidth-limit 500k;
burst-size-limit 15k;
}
then discard;
}
policer limit-syn {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 15k;
}
then discard;
}
policer limit-traceroutes {
if-exceeding {
bandwidth-limit 1m;
burst-size-limit 15k;
}
then discard;
}
policer limit-ddos {
if-exceeding {
bandwidth-limit 2m;
burst-size-limit 15k;
}
then discard;
}
policer limit-icmp {
if-exceeding {
bandwidth-limit 20m;
burst-size-limit 2m;
}
then discard;
}
policer limit-management {
if-exceeding {
bandwidth-limit 5m;
burst-size-limit 1m;
}
then discard;
}
filter deny-non-routable {
term block_nonroutable {
from {
source-prefix-list {
non-routable-list;
}
}
then {
count non-routable-packets;
discard;
}
}
term first {
then {
count cflowd-stat;
sample;
next term;
}
}
term last {
then accept;
}
}
filter ACL10 {
term NTP_accept {
from {
source-prefix-list {
ntp-list;
}
protocol udp;
port ntp;
}
then {
policer limit-management;
accept;
}
}
term BGP_SYN_accept {
from {
source-prefix-list {
bgp-list;
}
protocol tcp;
port bgp;
tcp-initial;
}
then {
policer limit-syn;
accept;
}
}
term BGP_accept {
from {
source-prefix-list {
bgp-list;
}
protocol tcp;
port bgp;
}
then accept;
}
term SSH_accept {
from {
source-prefix-list {
core-list;
host-list;
}
protocol tcp;
port ssh;
}
then {
policer limit-management;
accept;
}
}
term SSH_deny {
from {
protocol tcp;
port ssh;
}
then {
count SSH_deny;
syslog;
discard;
}
}
term SNMP_accept {
from {
source-prefix-list {
snmp-list;
}
protocol udp;
port snmp;
}
then {
policer limit-management;
accept;
}
}
term MSDP_accept {
from {
source-prefix-list {
msdp-list;
}
protocol tcp;
port [ 639 679 ];
}
then {
policer limit-management;
accept;
}
}
term LDP_accept {
from {
source-prefix-list {
ldp-list;
}
protocol [ tcp udp ];
port ldp;
}
then {
policer limit-management;
accept;
}
}
term DNS_accept {
from {
source-prefix-list {
dns-list;
}
protocol udp;
port 53;
}
then {
policer limit-management;
accept;
}
}
term RADIUS_accept {
from {
source-prefix-list {
radius-list;
}
protocol [ udp tcp ];
source-port radius;
}
then {
policer limit-management;
accept;
}
}
term IGMP_accept {
from {
destination-address {
224.0.0.0/24;
}
protocol igmp;
}
then {
policer limit-management;
accept;
}
}
term VRRP_accept {
from {
destination-address {
224.0.0.18/32;
}
protocol vrrp;
}
then {
policer limit-management;
accept;
}
}
term RIP_accept {
from {
destination-address {
224.0.0.9/32;
}
protocol udp;
port 520;
}
then {
policer limit-management;
accept;
}
}
term OSPF_accept {
from {
protocol ospf;
}
then {
policer limit-management;
accept;
}
}
term PIM {
from {
protocol pim;
}
then {
policer limit-management;
accept;
}
}
term RSVP {
from {
protocol rsvp;
}
then {
policer limit-management;
accept;
}
}
term no-ICMP-source-quench {
from {
protocol icmp;
icmp-type source-quench;
}
then {
discard;
}
}
term ICMP {
from {
protocol icmp;
}
then {
policer limit-icmp;
accept;
}
}
term traceroutes {
from {
protocol udp;
destination-port 33434-33523;
}
then {
policer limit-management;
accept;
}
}
term everything-else {
then {
count deny_everything;
syslog;
discard;
}
}
term TELNET_deny {
from {
protocol tcp;
port telnet;
}
then {
count TELNET_deny;
syslog;
discard;
}
}
term LDP_need_to_fix {
from {
protocol [ tcp udp ];
port ldp;
}
then {
policer limit-management;
count LDP_bogus;
syslog;
accept;
}
}
}
filter IDS-ZYNAPCOLO-TO-NET-ANTI-SPOOF {
term Permit-Established {
from {
source-address {
213.174.199.208/29;
}
tcp-established;
}
then {
count tcp-established;
accept;
}
}
term Permit-112 {
from {
source-address {
213.174.199.208/29;
}
destination-address {
224.0.0.0/24;
}
protocol 112;
}
then {
count Multi;
accept;
}
}
term Permit-563x {
from {
source-address {
213.174.199.208/29;
}
destination-address {
62.55.0.0/16;
80.177.32.8/29;
212.124.224.56/29;
}
protocol [ udp tcp ];
port 5631-5632;
}
then {
count 563x;
accept;
}
}
term Permit-WWW {
from {
source-address {
213.174.199.208/29;
}
protocol tcp;
port http;
}
then {
count WWW;
accept;
}
}
term Deny-SNMP {
from {
source-address {
213.174.199.208/29;
}
destination-address {
213.174.199.208/29;
}
protocol [ udp tcp ];
port [ 161 162 ];
}
then {
count SNMP;
reject;
}
}
term Permit-Destinations {
from {
source-address {
213.174.199.208/29;
}
destination-address {
213.174.199.208/29;
}
}
then {
count Permitted;
accept;
}
}
term Permit-ntp {
from {
source-address {
213.174.199.208/29;
}
destination-address {
213.174.195.20/31;
}
protocol udp;
port ntp;
}
then {
count NTP;
accept;
}
}
term Permit-DNS {
from {
source-address {
213.174.199.208/29;
}
destination-address {
213.174.195.20/30;
}
protocol [ udp tcp ];
port domain;
}
then {
count DNS;
accept;
}
}
term Permit-Multi2 {
from {
source-address {
213.174.199.208/29;
}
destination-address {
224.0.0.0/24;
}
protocol udp;
}
then {
count MULTI2;
accept;
}
}
term Permit-Ftp {
from {
source-address {
213.174.199.208/29;
}
protocol tcp;
port ftp-data;
}
then {
count FTP;
accept;
}
}
term Deny-ALL {
then {
count Denied;
reject;
}
}
}
filter NET-TO-IDS-ZYNAPCOLO-ANTI-SPOOF {
term Permit-Established {
from {
tcp-established;
}
then {
count tcp-established;
accept;
}
}
term Permit-563x {
from {
source-address {
62.55.0.0/16;
80.177.32.8/29;
212.124.224.56/29;
}
destination-address {
213.174.199.208/29;
}
protocol [ udp tcp ];
port 5631-5632;
}
then {
count 563x;
accept;
}
}
term Permit-Various-TCP {
from {
destination-address {
213.174.199.208/29;
}
protocol tcp;
port [ 389 522 4000 4001 smtp ftp 2000 2001 3389 http 443 ];
}
then {
count various;
accept;
}
}
term Permit-Various-UDP {
from {
destination-address {
213.174.199.208/29;
}
protocol udp;
port [ domain ntp 30000-65535 ];
}
then {
count UDP;
accept;
}
}
term Permit-ICMP {
from {
source-address {
10.83.251.20/30;
}
destination-address {
213.174.199.208/29;
}
protocol icmp;
}
then {
count ICMP;
accept;
}
}
term Deny-ALL {
then {
count denied;
reject;
}
}
}
filter IDS-BANDQCOLO-TO-NET-ANTI-SPOOF {
term one {
from {
tcp-established;
}
then accept;
}
term two {
from {
source-address {
10.83.54.160/29;
}
destination-address {
10.83.54.160/29;
}
protocol udp;
port [ snmp snmptrap ];
}
then {
count snmp-snmptrap;
discard;
}
}
term three {
from {
source-address {
10.83.54.160/29;
}
destination-address {
10.83.54.160/29;
}
protocol tcp;
port [ 161 162 ];
}
then {
count 161-162;
discard;
}
}
term four {
from {
source-address {
10.83.54.160/29;
}
destination-address {
213.174.195.20/30;
}
protocol udp;
port domain;
}
then accept;
}
term five {
from {
source-address {
10.83.54.160/29;
}
destination-address {
213.174.195.20/30;
}
protocol udp;
source-port domain;
destination-port [ 1023-65530 1023-65535 ];
}
then accept;
}
term six {
from {
source-address {
10.83.54.160/29;
}
destination-address {
213.174.195.20/31;
}
protocol udp;
port ntp;
}
then accept;
}
term seven {
from {
source-address {
10.83.54.160/29;
}
destination-address {
213.174.195.20/31;
}
protocol udp;
source-port ntp;
destination-port 1023-65535;
}
then accept;
}
term eight {
from {
source-address {
10.83.54.160/29;
}
destination-address {
224.0.0.0/24;
}
protocol udp;
}
then accept;
}
term nine {
from {
source-address {
10.83.54.160/29;
}
destination-address {
10.83.54.160/29;
}
}
then accept;
}
term ten {
from {
source-address {
10.83.54.160/29;
}
}
then accept;
}
term eleven {
from {
source-address {
213.174.195.64/29;
}
}
then accept;
}
term twelve {
from {
source-address {
213.174.202.128/27;
}
}
then accept;
}
term thirteen {
then {
discard;
}
}
}
filter NET-TO-IDS-INEXTCOLO-ANTI-SPOOF {
term one {
from {
tcp-established;
}
then accept;
}
term two {
from {
source-address {
213.174.195.20/30;
}
destination-address {
213.174.199.112/29;
}
protocol udp;
port domain;
}
then accept;
}
term three {
from {
source-address {
213.174.195.20/30;
}
destination-address {
213.174.199.112/29;
}
protocol udp;
source-port domain;
destination-port 1023-65535;
}
then accept;
}
term four {
from {
source-address {
213.174.195.20/31;
}
destination-address {
213.174.199.112/29;
}
port ntp;
}
then accept;
}
term five {
from {
source-address {
213.174.195.20/31;
}
destination-address {
213.174.199.112/29;
}
protocol udp;
source-port ntp;
destination-port 1023-65535;
}
then accept;
}
term six {
from {
destination-address {
213.174.199.112/29;
}
}
then accept;
}
term seven {
from {
destination-address {
213.174.199.224/27;
}
}
then accept;
}
term eight {
from {
destination-address {
213.174.198.128/27;
}
}
then accept;
}
term nine {
then {
discard;
}
}
}
filter IDS-INCHCAPECOLO-TO-NET-ANTI-SPOOF {
term one {
from {
tcp-established;
}
then {
count tcp-established;
accept;
}
}
term two {
from {
source-address {
213.174.199.112/29;
}
destination-address {
224.0.0.0/24;
}
port 112;
}
then {
count 112;
accept;
}
}
term three {
from {
source-address {
213.174.203.0/26;
}
destination-address {
213.174.203.0/26;
}
protocol udp;
port [ snmp snmptrap ];
}
then {
count snmp-snmptrap;
discard;
}
}
term four {
from {
source-address {
213.174.203.0/26;
}
destination-address {
213.174.203.0/26;
}
protocol tcp;
port [ 161 162 ];
}
then {
count 161-162;
discard;
}
}
term five {
from {
destination-address {
213.174.203.0/26;
}
protocol udp;
port domain;
}
then {
count domain;
accept;
}
}
term six {
from {
source-address {
213.174.203.0/26;
}
destination-address {
213.174.195.20/30;
}
protocol udp;
source-port domain;
destination-port 1023-65535;
}
then {
count domain-to-1023-65535;
accept;
}
}
term seven {
from {
source-address {
213.174.203.0/26;
}
destination-address {
213.174.195.20/30;
}
protocol udp;
port ntp;
}
then {
count ntp;
accept;
}
}
term eight {
from {
source-address {
213.174.203.0/26;
}
destination-address {
213.174.195.20/30;
}
protocol udp;
source-port ntp;
destination-port 1023-65535;
}
then {
count ntp-to-1023-65535;
accept;
}
}
term nine {
from {
source-address {
213.174.203.0/26;
}
destination-address {
224.0.0.0/24;
}
protocol udp;
}
then {
count udp;
accept;
}
}
term ten {
from {
source-address {
213.174.203.0/26;
}
destination-address {
213.174.203.0/26;
}
}
then {
count ip;
accept;
}
}
term eleven {
from {
source-address {
213.174.203.0/26;
}
destination-address {
0.0.0.0/0;
}
}
then {
count ip-any;
accept;
}
}
term twelve {
from {
source-address {
0.0.0.0/0;
}
destination-address {
0.0.0.0/0;
}
}
then {
count discard;
discard;
}
}
}
filter ACL109 {
term one {
from {
tcp-established;
}
then {
count tcp-established;
accept;
}
}
term two {
from {
source-address {
0.0.0.0/0;
}
destination-address {
213.174.194.0/26;
}
protocol esp;
}
then {
count esp;
accept;
}
}
term three {
from {
source-address {
0.0.0.0/0;
}
destination-address {
213.174.194.0/26;
}
protocol ah;
}
then {
count ah;
accept;
}
}
term four {
from {
source-address {
0.0.0.0/0;
}
destination-address {
213.174.194.0/26;
}
protocol udp;
source-port 1531;
destination-port 500;
}
then {
count isakmp;
accept;
}
}
term five {
from {
source-address {
0.0.0.0/0;
}
destination-address {
213.174.194.0/26;
}
protocol udp;
port 10001;
}
then {
count 10001;
accept;
}
}
term six {
from {
source-address {
0.0.0.0/0;
}
destination-address {
213.174.194.0/26;
}
protocol gre;
}
then {
count gre;
accept;
}
}
term seven {
from {
source-address {
0.0.0.0/0;
}
destination-address {
213.174.194.0/26;
}
protocol tcp;
port 1723;
}
then {
count 1723;
accept;
}
}
term eight {
from {
source-address {
0.0.0.0/0;
}
destination-address {
213.174.194.0/26;
}
protocol icmp;
}
then {
count icmp;
accept;
}
}
term nine {
from {
source-address {
0.0.0.0/0;
}
destination-address {
0.0.0.0/0;
}
}
then {
count deny-all;
discard;
}
}
}
filter NET-TO-IDS-INCHCAPECOLO-ANTI-SPOOF {
term one {
from {
tcp-established;
}
then {
count tcp-established;
accept;
}
}
term two {
from {
source-address {
213.174.195.20/30;
}
destination-address {
213.174.203.0/26;
}
protocol udp;
port domain;
}
then {
count domain;
accept;
}
}
term three {
from {
source-address {
213.174.195.20/30;
}
destination-address {
213.174.203.0/26;
}
protocol udp;
source-port domain;
destination-port 1023-65535;
}
then {
count domain-to-1023-65535;
accept;
}
}
term four {
from {
source-address {
213.174.195.20/30;
}
destination-address {
213.174.203.0/26;
}
protocol udp;
port ntp;
}
then {
count ntp;
accept;
}
}
term five {
from {
source-address {
213.174.195.20/30;
}
destination-address {
213.174.203.0/26;
}
protocol udp;
source-port ntp;
destination-port 1023-65535;
}
then {
count ntp-to-1023-65535;
accept;
}
}
term six {
from {
source-address {
0.0.0.0/0;
}
destination-address {
213.174.203.0/26;
}
}
then {
count ip-any;
accept;
}
}
term seven {
from {
source-address {
0.0.0.0/0;
}
destination-address {
0.0.0.0/0;
}
}
then {
count discard;
discard;
}
}
}
filter IDS-INEXTCOLO-TO-NET-ANTI-SPOOF {
term one {
from {
tcp-established;
}
then accept;
}
term two {
from {
source-address {
213.174.199.112/29;
}
destination-address {
224.0.0.0/24;
}
protocol 112;
}
then accept;
}
term three {
from {
source-address {
213.174.199.112/29;
}
destination-address {
213.174.199.112/29;
}
protocol udp;
port [ snmp snmptrap ];
}
then {
discard;
}
}
term four {
from {
source-address {
213.174.199.112/29;
}
destination-address {
213.174.199.112/29;
}
protocol tcp;
port [ 161 162 ];
}
then {
discard;
}
}
term five {
from {
source-address {
213.174.199.112/29;
}
destination-address {
213.174.195.20/30;
}
protocol udp;
port domain;
}
then accept;
}
term six {
from {
source-address {
213.174.199.112/29;
}
destination-address {
213.174.195.20/30;
}
source-port domain;
destination-port 1023-65535;
}
then accept;
}
term seven {
from {
source-address {
213.174.199.112/29;
}
destination-address {
213.174.195.20/31;
}
protocol udp;
port ntp;
}
then accept;
}
term eight {
from {
source-address {
213.174.199.112/29;
}
destination-address {
213.174.195.20/31;
}
protocol udp;
source-port ntp;
destination-port 1023-65535;
}
then accept;
}
term nine {
from {
source-address {
213.174.199.112/29;
}
destination-address {
224.0.0.0/24;
}
protocol udp;
}
then accept;
}
term ten {
from {
source-address {
213.174.199.112/29;
}
destination-address {
213.174.199.112/29;
}
}
then accept;
}
term eleven {
from {
source-address {
213.174.199.112/29;
}
}
then accept;
}
term twelve {
from {
source-address {
213.174.199.224/27;
}
}
then accept;
}
term thirteen {
from {
source-address {
213.174.198.128/27;
}
}
then accept;
}
term fourteen {
from {
destination-address {
213.174.199.114/32;
}
protocol tcp;
destination-port 445;
}
then {
discard;
}
}
term fifteen {
then {
discard;
}
}
}
filter uklond6_01_cntx04_egress {
term udp {
from {
protocol udp;
}
then {
count udp;
accept;
}
}
term icmp {
from {
protocol icmp;
}
then {
count icmp;
accept;
}
}
term protocol_0 {
from {
protocol 0;
}
then {
count protocol_0;
accept;
}
}
term protocol_255 {
from {
protocol 255;
}
then {
count protocol_255;
accept;
}
}
term port_135 {
from {
protocol tcp;
port 135;
}
then {
count port_135;
accept;
}
}
term port_137 {
from {
protocol tcp;
port 137;
}
then {
count port_137;
accept;
}
}
term port_139 {
from {
protocol tcp;
port 139;
}
then {
count port_139;
accept;
}
}
term port_445 {
from {
protocol tcp;
port 445;
}
then {
count port_445;
accept;
}
}
term port_1433 {
from {
protocol tcp;
port 1433;
}
then {
count port_1433;
accept;
}
}
term port_1434 {
from {
protocol tcp;
port 1434;
}
then {
count port_1434;
accept;
}
}
term tcp_syn {
from {
tcp-initial;
}
then {
count tcp-initial;
accept;
}
}
term everything_else {
then {
count the_rest;
accept;
}
}
}
filter uklond6_01_cntx04_ingress {
term udp {
from {
protocol udp;
}
then {
count udp;
accept;
}
}
term icmp {
from {
protocol icmp;
}
then {
count icmp;
accept;
}
}
term protocol_0 {
from {
protocol 0;
}
then {
count protocol_0;
accept;
}
}
term protocol_255 {
from {
protocol 255;
}
then {
count protocol_255;
accept;
}
}
term port_135 {
from {
protocol tcp;
port 135;
}
then {
count port_135;
accept;
}
}
term port_137 {
from {
protocol tcp;
port 137;
}
then {
count port_137;
accept;
}
}
term port_139 {
from {
protocol tcp;
port 139;
}
then {
count port_139;
accept;
}
}
term port_445 {
from {
protocol tcp;
port 445;
}
then {
count port_445;
accept;
}
}
term port_1433 {
from {
protocol tcp;
port 1433;
}
then {
count port_1433;
accept;
}
}
term port_1434 {
from {
protocol tcp;
port 1434;
}
then {
count port_1434;
accept;
}
}
term tcp_syn {
from {
tcp-initial;
}
then {
count tcp-initial;
accept;
}
}
term everything_else {
then {
count the_rest;
accept;
}
}
}
filter cflowd {
term cflowd-sample {
then {
count cflowd-stat;
sample;
accept;
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink