!
! comments are lines starting with '!'
!
! Pretty simple - this machine's hostname, used in the prompt...
!
hostname zebra
!
! encrypted passwords end up on the two lines below
password fish
enable password fish
!
! Log files.
!
log file /var/log/zebra.log
log record-priority
!
! This gives us command line completion and command history.
!
service advanced-vty
!
! Encrypt the passwords in this file, nice ;-)
!
service password-encryption
!
! These two give us a bit more logging, switch them off if you like.
!
debug zebra events
debug zebra kernel
!
! No interfaces in the bootstrap config
!
! Ok, this bit is critical for *BSD machines.
!
! The way that the Linux and BSD IP stacks handle multicast is different.
! The BSDs need a route to the multicast destination before they will send
! any packets.
!
! zebra doesn't know that it needs to add the routes itself, so we add them as static routes
! pointing at the loopback interface (127.0.0.1)
!
!
! OSPF-ALL.MCAST.NET
ip route 224.0.0.5/32 127.0.0.1
!
! OSPF-DSIG.MCAST.NET
ip route 224.0.0.6/32 127.0.0.1
!
! RIP2-ROUTERS.MCAST.NET (ok, so we don't use RIP, but we might as well have it here).
ip route 224.0.0.9/32 127.0.0.1
!
! Ok, this is important!
!
! The lines below define an access list called 'term' that only allows packets from
! 127.0.0.1 (i.e. the local machine). We use this to limit access to zebra itself
! to the local machine.
!
! This means that zebra can only be reconfigured from the box it's running on.
!
! (I think the 'deny any' line is redundant - there is an explicit one at
! the end of any access-list)
!
access-list term permit 127.0.0.1/32
access-list term deny any
!
! Here we apply the access list we just defined to the 'vty line' - now we
! can only log in from the box zebra is running on.
!
line vty
 access-class term
!
! That's it!
!
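Added audit script, not part of the original zebra.conf: it checks a config file for the three properties the comments above rely on (password encryption enabled, every vty access-class pointing at an access-list that permits only loopback sources, and the two OSPF multicast static routes present for *BSD hosts). SAMPLE_CONF is the configuration above trimmed to the lines the audit inspects; the finding texts and function names are this script's own.

```python
import ipaddress
import re

# Constructed sample: the bootstrap config above, reduced to the audited lines.
SAMPLE_CONF = """\
hostname zebra
password fish
enable password fish
service password-encryption
ip route 224.0.0.5/32 127.0.0.1
ip route 224.0.0.6/32 127.0.0.1
access-list term permit 127.0.0.1/32
access-list term deny any
line vty
 access-class term
"""

def loopback_only(prefix):
    """True if prefix (e.g. '127.0.0.1/32') lies entirely inside 127.0.0.0/8."""
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:          # 'any' or a malformed token is never loopback-only
        return False
    return net.version == 4 and net.subnet_of(ipaddress.ip_network("127.0.0.0/8"))

def audit_zebra_conf(text):
    """Return a list of findings; an empty list means the config passes."""
    # Drop blank lines and '!' comment lines, strip the indentation zebra writes.
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    findings = []
    if "service password-encryption" not in lines:
        findings.append("password-encryption is off: passwords stored in clear text")
    acls = {}                   # name -> [(action, prefix), ...] in file order
    for l in lines:
        m = re.match(r"access-list (\S+) (permit|deny) (\S+)$", l)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    applied = [l.split()[1] for l in lines if l.startswith("access-class ")]
    if "line vty" not in lines or not applied:
        findings.append("vty has no access-class: logins are not restricted to localhost")
    for name in applied:
        if name not in acls:
            findings.append(f"access-class {name} refers to an undefined access-list")
            continue
        for action, prefix in acls[name]:
            if action == "permit" and not loopback_only(prefix):
                findings.append(f"access-list {name} permits non-loopback source {prefix}")
    for group in ("224.0.0.5/32", "224.0.0.6/32"):
        if f"ip route {group} 127.0.0.1" not in lines:
            findings.append(f"missing static route for OSPF multicast group {group} (needed on *BSD)")
    return findings
```

Running `audit_zebra_conf(open("/etc/zebra.conf").read())` after each edit catches an access-list that was loosened to a LAN prefix before the daemon is restarted.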