! All the same as zebra.conf
!
hostname dfault
password klfzebra3
enable password klfzebra3
!log file /var/log/zebra.log
!log record-priority
log stdout

!ip route 10.0.0.0/8 10.102.222.6

!service advanced-vty
! service password-encryption
!interface eth0
!
!interface eth0
!    ip address 10.102.64.3/29
!    ip address 10.102.65.3/24 secondary
!
! =========== STATIC ROUTES ==========!
!ip route 192.168.185.0/29 192.168.166.156
!
!
!
! The way that the linux and BSD ip stacks handle multicast is different.
! The BSD's need a route to the multicast destinaton before they will send
! any packets.
!
! zebra dosn't know that it needs to add the routes it's self, so we add them as static routed
! pointing at5 the loopback interface (127.0.0.1)
!
!
! OSPF-ALL.MCAST.NET
ip route 224.0.0.5/32 127.0.0.1
!
! OSPF-DSIG.MCAST.NET
ip route 224.0.0.6/32 127.0.0.1
!
! RIP2-ROUTERS.MCAST.NET (ok, so we don't use rip, but we might as well have it here).
ip route 224.0.0.9/32 127.0.0.1
!
! Ok, this is important!
!
! The lines below define an access list called 'term' that only allows packets from
! 127.0.0.1 (i.e. the local machine), We use this to limit access to zebra it's self
! to the local machine.
!
! This means that zebra can only be reconfigured from the box it's running on.
!
! (i think the 'deny any' line is redundant - there is an explicit one at
! the end of any access-list)
!
access-list term permit 127.0.0.1/32
access-list term permit 10.253.32.250/32
access-list term permit 10.253.32.129/32	
access-list term deny any
!
! Here we apply the access list we just defined to the 'vty line' - now we
! can only log in from the bpox zebra is running on.
!
line vty
 access-class term
!
! Thats it!
end
