version 6.1R1.4; system { host-name cro1; domain-name gate.21c3.ccc.de; authentication-order password; name-server { 213.202.254.166; 131.188.3.2; } root-authentication { encrypted-password ""; # SECRET-DATA } login { user czmok { uid 2004; class superuser; authentication { encrypted-password ""; ssh-rsa ""; } } user blackwing { uid 2003; class superuser; authentication { encrypted-password ""; ssh-rsa ""; } } user alf { uid 2002; class superuser; authentication { encrypted-password ""; ssh-rsa ""; } } user cc { uid 2001; class superuser; authentication { encrypted-password ""; ssh-rsa ""; } } user swahl { uid 2000; class superuser; authentication { encrypted-password ""; ssh-rsa ""; } } } services { ssh { protocol-version v2; } } syslog { user * { any emergency; } file messages { any notice; authorization info; } } } interfaces { ge-0/0/0 { vlan-tagging; link-mode full-duplex; description BCC_CONNECTION; unit 0 { description BCC_181; vlan-id 181; family inet { address ; filter { input protect-router; } } } unit 1 { description BCC_182; vlan-id 182; family inet { address ; filter { input protect-router; } } } } ge-0/1/0 { vlan-tagging; link-mode full-duplex; description DIRECT_CONGENT; unit 0 { description COGENTCO_183; vlan-id 183; family inet { address ; filter { input protect-router; } } } } ge-0/2/0 { vlan-tagging; link-mode full-duplex; description DIRECT_INTERROUTE21; unit 0 { description INTERROUTE21_184; vlan-id 184; family inet { address ; filter { input protect-router; } } } } ge-0/3/0 { vlan-tagging; link-mode full-duplex; description DIRECT_KPN-EURORINGS; unit 0 { description KPN-EURORINGS_185; vlan-id 185; family inet { address ; filter { input protect-router; } } } } ge-1/0/0 { vlan-tagging; link-mode full-duplex; description VIRTUAL_BACKUP_LINKS; unit 0 { description DHOSTING_187; vlan-id 187; family inet { address ; filter { input protect-router; } } } unit 1 { description LOGIVISION_188; vlan-id 188; family inet { address ; filter { input protect-router; } } } unit 2 { description BCIX_100; vlan-id 100; family inet { address ; filter { input protect-router; } } } unit 3 { description DECIX_188; vlan-id 188; family inet { address ; filter { input protect-router; } } } } fxp0 { disable; } lo0 { unit 0 { family inet { address 127.0.0.1/32; } } } } snmp { community "21c3!askme" { authorization read-only; clients { ; } } community "21c3!pollme { authorization read-only; clients { ; } } } routing-options { static { defaults { install; } # static route to BCC route 21C3/SERVER { next-hop BCC_CRO2_IP; # 21c3 server community 1000; } route 21C3/ORGA { next-hop BCC_CRO2_IP; # 21c3 orga community 1010; } route 21C3/HACKC { next-hop BCC_CRO2_IP; # 21c3 hackcenter community 1020; } } router-id CRO1_IP; autonomous-system 249; remove-private; # log-updown; } protocols { bgp { group berlikomm { type external; import anynet; export redist-own; peer-as 15563; neighbor 82.130.0.26 { description berlikomm-21c3; keep all; multipath; local-preference X; family inet { unicast; } } } group dhosting { type external; import anynet; export redist-own; peer-as 12732; neighbor 212.21.76.177 { description dhosting-20c3; family inet { unicast; } } neighbor 212.21.76.181 { description logivision-20c3; family inet { unicast; } } } } } policy-options { policy-statement anynet { term 10 { from { route-filter OURNET exact; } then reject; } term 20 { from { route-filter 0.0.0.0/0 orlonger; } then reject; term 100 { then accept; } } policy-statement redist-own { term 10 { from { protocol static; route-filter OURNET exact; } then accept; } term 20 { then reject; } } policy-statement redist-prepend { term 10 { from { route-filter OURNET exact; } then as-path-prepend "249 249 249"; } term 20 { then reject; } } policy-statement export-static { from protocol static; then accept; } } firewall { filter protect-router { interface-specific; term ssh { from { source-prefix-except 21c3/NOC; destination-address ROUTER-IP; destination-port ssh; } then reject; } term any { then accept; } } } }