! All the same as zebra.conf
!
hostname ostrovec
password klfzebra3
enable password klfzebra3
!log file /var/log/zebra.log
!log record-priority
log stdout
!service advanced-vty
! service password-encryption
!debug zebra events
!debug zebra kernel
!interface eth0
!
!
!
! Ok, this bit is critical for *BSD machines.
!
! The way that the linux and BSD ip stacks handle multicast is different.
! The BSD's need a route to the multicast destinaton before they will send
! any packets.
!
! zebra dosn't know that it needs to add the routes it's self, so we add them as static routed
! pointing at5 the loopback interface (127.0.0.1)
!
!
! OSPF-ALL.MCAST.NET
ip route 224.0.0.5/32 127.0.0.1
!
! OSPF-DSIG.MCAST.NET
ip route 224.0.0.6/32 127.0.0.1
!
! RIP2-ROUTERS.MCAST.NET (ok, so we don't use rip, but we might as well have it here).
ip route 224.0.0.9/32 127.0.0.1
!
! Ok, this is important!
!
! The lines below define an access list called 'term' that only allows packets from
! 127.0.0.1 (i.e. the local machine), We use this to limit access to zebra it's self
! to the local machine.
!
! This means that zebra can only be reconfigured from the box it's running on.
!
! (i think the 'deny any' line is redundant - there is an explicit one at
! the end of any access-list)
!
!access-list term permit 127.0.0.1/32
!access-list term deny any
!
! Here we apply the access list we just defined to the 'vty line' - now we
! can only log in from the bpox zebra is running on.
!
!line vty
! access-class term
!
! Thats it!
end
