As stated before, the daemon only runs modules, and the modules do all the work. Most modules are designed for a specific application; only 'hostfile' can be used to create many different configs (and manage numerous services), e.g. various firewall types. Module configuration parameters MUST be placed in the appropriate instance section.
Table 6-1. List of all lmsd modules
Name | Description |
---|---|
system | Shell commands execution |
parser | Universal T-Script scripts parser |
dhcp | Configuration of DHCP server |
cutoff | Disconnection of indebted users |
dns | Configuration of DNS server |
ethers | /etc/ethers file creation |
hostfile | Universal module (eg. making iptables rules) |
notify | Email notify about payments |
ggnotify | Gadu-Gadu (Polish internet messenger) notify about payments |
payments | Payments accounting |
oident | Configuration of oident daemon |
tc | Making HTB rules |
traffic | Internet link usage statistics |
pinger | Users activity (online) scanning |
This module does only one thing: it runs a given Linux shell command and/or SQL query. It can be useful if you want to execute some command or run an external script while the configuration is being reloaded, e.g. one of the scripts in the LMS /bin directory. The SQL command is executed first.
You can define command strings or SQL queries. Commands will be executed via shell, separated by semicolons:
sql
SQL command. Default: empty.
Example: sql = 'DELETE FROM stats WHERE dt < %NOW% - 365*86400'
command
Shell command(s). Default: empty.
Example: command = 'echo -n "hello "; echo "world"'
The module calculates subscription and solid fees for customers, based on the current date. It should be executed once a day. Payments are calculated from customers' liabilities and written to the database with the description filled in the 'comment' field. If appropriate, invoices are created. The description of a solid payment is a combination of liability and creditor name. At the end, outdated liabilities are removed from the database.
You can use the following options for this module:
comment
Description of operation. '%period' will be replaced by start and end date of subscription, e.g. '2003/10/10 - 2003/11/09', '%tariff' by name of liability, %month by full name of current month and %year by current year, %next_mon by next month in YYYY/MM format. Default: 'Subscription: '%tariff' for period: %period'.
Example: comment = 'Subscription %tariff'
settlement_comment
Description of settlement operation. '%period' will be replaced by start and end date of settlement period, e.g. '2003/10/20 - 2003/11/09', and '%tariff' by name of liability. Defaults to comment option.
Example: settlement_comment = 'Settlement of subscription %tariff'.
up_payments
How the period in the comment should be counted: forward or backward relative to the date of write out. Default: yes.
Example: up_payments = no
expiry_days
Defines number of days from date of liability expiration, after which that liability will be removed from database. When you set '0' data will be removed immediately after date of the write out. Default: 30.
Example: expiry_days = 365
deadline
Payment deadline in days. Default: 14.
Example: deadline = 21
paytype
Payment type identifier (1-cash, 2-transfer, 3-transfer/cash, 4-card, 5-compensation, 6-barter, 7-contract). Default: 2 (transfer).
Example: paytype = 1
numberplan
ID of invoices numbering plan defined in Configuration -> Numbering Plans. Default: 0 (default plan).
Example: numberplan = 1
check_invoices
Enables checking of invoices as accounted for customers with balance equal or greater than zero. Default: false.
Example: check_invoices = 1
networks
List of network names to restrict customers for accounting. Default: empty (all networks).
Example: networks = "lan1 lan2"
excluded_networks
List of excluded network names to restrict customers for accounting. Default: empty (none).
Example: excluded_networks = "lan3 lan4"
customergroups
List of customers groups to restrict customers for accounting. Default: empty (all groups).
Example: customergroups = "group1 group2"
excluded_customergroups
List of excluded customers groups to restrict customers for accounting. Default: empty (none).
Example: excluded_customergroups = "group3 group4"
Module 'notify' is designed to inform customers about their debt by electronic mail. The current customer balance is compared to the 'limit' option; if it is below that limit, a message is sent. Message content is taken from a template, which may include the following variables:
%saldo - current customer balance (also %b)
%B - absolute value of current customer balance
%pin - customer PIN
%name - customer forename
%lastname - company name or customer lastname
%last_10_in_a_table - last 10 operations on customer account
Configuration options for 'notify' module are presented below:
template
Location of message template file. Default: empty.
Example: template = modules/notify/sample/mailtemplate
file
Location of temporary file. Default: /tmp/mail
Example: file = /tmp/mail.txt
command
Shell command for sending an e-mail. '%address' will be replaced by customer e-mail address. Default: 'mail -s "Liabilities Information" %address < /tmp/mail'.
Example: command = 'mail -s "You must pay or ..." %address < /tmp/mail.txt'
limit
The message is sent when the customer balance falls below the value defined in this option. Default: 0
Example: limit = -20
debug_mail
If set, all messages go to this address instead of being sent to customers. Useful for testing. Default: empty.
Example: debug_mail = tester@my.net
Equivalent of the 'notify' module, developed to send Gadu-Gadu instant messages. Gadu-Gadu is the most popular Polish internet messenger.
The module requires the libgadu shared library and the sources of the ekg program. Appropriate paths for them must be present in modules/ggnotify/Makefile before module compilation.
Options similar to those of the 'notify' module can be used here:
template
Location of message template file. Default: empty.
Example: template = modules/notify/sample/mailtemplate
uin
Gadu-gadu identifier number of message sender. Default: empty.
Example: uin = 1234567
password
Password for account specified by 'uin'. Default: empty.
Example: password = "my_HURD.password"
limit
The message is sent when the customer balance falls below the value defined in this option. Default: 0
Example: limit = -20
debug_uin
If set, all messages will go to that 'uin'. Default: empty.
Example: debug_uin = 7654321
Cutoff changes node status to 'disconnected' and/or enables warnings for customers who have debts greater than the specified limit. It also disables computers whose assignments have expired. This module does not do the actual blocking of network access.
You can use the following options for the 'cutoff' module:
limit
Disconnection occurs when customer balance decreases below specified limit as numeric value or as percentage of sum of customer's monthly assignments (with '%' sign). Default: 0.
Example: limit = -20
command
Specifies a system command that is executed if at least one customer should be disconnected or a warning should be enabled. Default: empty.
Example: command = 'lmsd -qi firewall'
warning
Enables a warning for the disconnected customer and sets the WWW browser message specified in this option. If empty, the warning will not be enabled. The date in the message is substituted for the '%time' variable. You can also use %B for real customer balance and %b for unsigned balance value. Default: 'Blocked automatically due to payment deadline override at %time'.
Example: warning = ""
expired_warning
Sets the message shown to the customer when access for his computers is disabled because all assignments have expired. If empty, the warning will not be set. The date in the message is substituted for the '%time' variable. Default: 'Blocked automatically due to tariff(s) expiration at %time'.
Example: expired_warning = ""
warnings_only
Here you can decide whether to use this module only for warnings or to actually cut people off. Works for customers with assignments. Default: false.
Example: warnings_only = true
setnodegroup_only
Sets nodes group name. Module assigns to that group all computers of customer who exceeds value or invoice limit. Customer's status isn't changed. Default: none.
Example: setnodegroup_only = blocked_nodes
disable_suspended
Use this option to disable customers whose current assignments are all suspended. Default: false.
Example: disable_suspended = true
use_nodeassignments
You should enable this option only if you are using nodes with tariff assignments. Otherwise, tariff assignments of customers are checked. Default: false.
Example: use_nodeassignments = true
use_customerassignments
You should disable this option only if you don't want to check assignments (or node assignments are used). Default: true.
Example: use_customerassignments = false
check_invoices
This option enables an additional check whether the customer has unpaid invoices with a deadline date older than the date specified in the 'deadline' option. Default: false.
Example: check_invoices = true
deadline
Sets the period in days (from the invoice deadline date) after which an unpaid invoice is considered for the 'check_invoices' check. By default, the customer would be blocked just after the deadline. Default: 0.
Example: deadline = 30
customergroups
List of customers groups to restrict customers for accounting. Default: empty (all groups).
Example: customergroups = "group1 group2"
excluded_customergroups
List of excluded customers groups to restrict customers for accounting. Default: empty (none).
Example: excluded_customergroups = "group3 group4"
networks
List of network names to get into consideration. Default: empty (all networks).
Example: networks = 'lan1 lan2'
excluded_networks
List of network names to exclude. Default: empty (none).
Example: excluded_networks = 'lan3 lan4'
This module is responsible for management of the DHCP server: it creates the configuration file and restarts the service. It's possible to execute other functions (programs) with the 'command' option.
Most configuration parameters correspond to parts of the DHCP configuration file and, in a typical environment, don't need any changes:
file
Location of DHCP server configuration file. Default: /etc/dhcpd.conf.
Example: file = /etc/dhcp/dhcpd.conf
command
Shell command executed after config file creation. Default: 'killall dhcpd; /usr/sbin/dhcpd'.
Example: command = '/etc/rc.d/rc.dhcpd restart'
begin
File header. Default: empty.
Example: begin = "authoritative;"
end
File footer. Default: empty.
Example: end = ""
subnet_start
Subnet header. '%a' - name, '%m' - mask, %b - broadcast address. Default: "subnet %a netmask %m {\ndefault-lease-time 86400;\nmax-lease-time 86400;".
Example: subnet_start = "subnet %a netmask %m {default-lease-time 3600;"
subnet_end
Subnet footer. Default: "}".
Example: subnet_end = '\t}'
subnet_gateway
Subnet gateway. '%i' will be changed to IP address. Default: "option routers %i;".
Example: subnet_gateway = "option routers %i"
subnet_dns
Subnet DNS servers. '%i' - DNS addresses. Default: "option domain-name-servers %i;".
Example: subnet_dns = "option domain-name-servers 192.168.0.1"
subnet_domain
Subnet domain name. '%n' - name. Default: 'option domain-name "%n";'.
Example: subnet_domain = 'option domain-name "test.%n";'
subnet_wins
WINS servers. '%i' - server IP address. Default: "option netbios-name-servers %i;".
Example: subnet_wins = ""
subnet_range
Subnet address range. '%s' - initial address, '%e' - end of range. Default: "range %s %e;".
Example: subnet_range = "range %s %e;"
host
Hosts parameters, where '%n' - host name, '%m' - MAC, '%i' - IP address. Default: "\thost %n {\n\t\thardware ethernet %m; fixed-address %i; \n\t}".
Example: host = "host %n {hardware ethernet %m; fixed-address %i;}"
networks
List of network names that should be included in configuration (case insensitive). Default: empty (all networks).
Example: networks = "lan1 lan2"
customergroups
List of customers groups that should be included in configuration (case insensitive). Default: empty (all groups).
Example: customergroups = "group1 group2"
Module 'hostfile' is a multipurpose tool. It loops over all hosts (nodes and network device addresses) from the database, fetching their connection and warning status, private and public addresses, the network they are connected to and the groups of their owners. Because of that it is possible to create any set of firewall rules, or an /etc/hosts file. Data is written to a file, and after that the specified shell command can be executed.
The following replacement variables can be used in host rule options:
%i - IP address
%ipub - public IP address
%id - node ID
%m - MAC address
%ms - comma-separated list of node MACs
%n - host name
%p - node (computer) password
%port - device's port to which computer is connected
%l - host location
%devl - location of device to which node is connected
%info - node description
%domain - domain
%net - network name
%gw - gateway address of network
%if - network's interface
%mask - network mask
%addr - network's address
%prefix - network mask CIDR-style prefix
%dns, %dns2 - DNS server addresses
%dhcps, %dhcpe - start and end of DHCP range
%wins - WINS server address
%i16 - IP's last octet in hex
%i16pub - public IP's last octet in hex
%domainpub - domain name of public network
%netpub - public network name
%gwpub - gateway address of public network
%ifpub - public network's interface
%maskpub - public network mask
%addrpub - public network's address
%prefixpub - public network mask CIDR-style prefix
%dnspub, %dns2pub - DNS server addresses in public network
%dhcpspub, %dhcpepub - start and end of DHCP range in public network
%winspub - WINS server address in public network
%customer - node owner's name
%cid - node owner's ID
file
Location of generated file. Default: /tmp/hostfile
Example: file = /etc/rc.d/rc.firewall
command
Shell command(s) executed after 'file' creation. Default: empty
Example: command = '/bin/sh /etc/rc.d/rc.firewall'
begin
File header. Default: "/usr/sbin/iptables -F FORWARD\n"
Example: begin = "IPT=/usr/sbin/iptables \n$IPT -F FORWARD\n"
end
File footer. Default: "/usr/sbin/iptables -A FORWARD -J REJECT\n"
Example: end = "$IPT -A FORWARD -j REJECT\n"
host_begin
Host rule header. Default: ""
Example: host_begin = "#%n\n"
host_end
Host rule footer. Default: ""
Example: host_end = "\n"
grantedhost
Line with rule(s) for connected node. Default: "/usr/sbin/iptables -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n"
Example: grantedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n"
deniedhost
Line with rule(s) for disconnected node. Default: "/usr/sbin/iptables -A FORWARD -s %i -m mac --mac-source %m -j REJECT\n"
Example: deniedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j REJECT\n"
public_grantedhost
Line with rule(s) for connected node with specified public IP. By default rule specified in 'grantedhost' option.
Example: public_grantedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n$IPT -t nat -A PREROUTING -p tcp -d %ipub -j DNAT --to-destination %i\n$IPT -t nat -A POSTROUTING -s %i -j SNAT --to-source %ipub\n"
public_deniedhost
Line with rule(s) for disconnected node with specified public IP. By default rule specified in 'deniedhost' option.
Example: public_deniedhost = ""
warnedhost
Line with rule(s) for node with set warnings flag.
Example: warnedhost = "$IPT -t nat -A PREROUTING -s %i -p tcp --dport 80 -j REDIRECT --to-port 82\n"
public_warnedhost
Line with rule(s) for node with set warnings flag and specified public IP. By default rule specified in 'warnedhost' option.
Example: public_warnedhost = ""
public_replace
Specifies whether rules for public addresses overwrite the main rules or are added to them. Default: enabled.
Example: public_replace = false
warn_replace
Specifies whether rules for nodes with warnings replace the main rules or are added to them. Default: disabled.
Example: warn_replace = true
networks
List of network names which members should be included in config (case insensitive). Default: empty (all networks).
Example: networks = "lan1 lan2"
customergroups
List of customer groups names which members should be included in config (case insensitive). Default: empty (all groups).
Example: customergroups = "group1 group2"
nodegroups
List of node groups names which members should be included in config (case insensitive). Default: empty (all groups).
Example: nodegroups = "group1 group2"
excluded_networks
List of network names which members should be excluded from config (case insensitive). Default: empty (none).
Example: excluded_networks = "lan3 lan4"
excluded_customergroups
List of customer groups names which members should be excluded from config (case insensitive). Default: empty (none).
Example: excluded_customergroups = "group1 group2"
excluded_nodegroups
List of node groups names which members should be excluded from config (case insensitive). Default: empty (none).
Example: excluded_nodegroups = "group1 group2"
skip_dev_ips
If enabled (yes, true), network devices (devices that do not belong to customers) will be ignored (omitted). Default: yes
Example: skip_dev_ips = no
skip_host_ips
If enabled (yes, true) hosts IPs (customers nodes) will be ignored (omitted). Default: no
Example: skip_host_ips = yes
multi_mac
If enabled (yes, true) each IP-MAC pair will be listed. Default: no
Example: multi_mac = yes
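The following sketch is an added example, not lmsd code: it renders a hostfile-style firewall script from the `begin`, `host_begin`, `grantedhost`, `deniedhost`, `public_grantedhost` and `end` options over constructed node records. It assumes database fields are untrusted, validates them before they reach the generated shell script, and matches overlapping variable names longest-first; the dictionary keys `access`, `iface` and the sample nodes are hypothetical, and how lmsd itself substitutes or validates values is not stated on this page.

```python
import ipaddress
import re

# Subset of the hostfile variables listed above. Several names share a prefix
# (%i / %id / %if / %info / %ipub, %n / %net), so alternatives are tried
# longest-first; replacing "%i" first would corrupt "%ipub" and "%info".
TOKENS = ["i", "ipub", "id", "if", "info", "m", "n", "net"]
TOKEN_RE = re.compile("%(" + "|".join(sorted(TOKENS, key=len, reverse=True)) + ")")
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,62}")


def node_values(node):
    """Validate one node record; raise ValueError if a field is unsafe."""
    for field in ("name", "net", "iface"):
        if not NAME_RE.fullmatch(node[field]):
            raise ValueError(f"bad {field}: {node[field]!r}")
    if not MAC_RE.fullmatch(node["mac"]):
        raise ValueError(f"bad mac: {node['mac']!r}")
    ip = ipaddress.IPv4Address(node["ip"])          # ValueError on garbage
    ipub = ipaddress.IPv4Address(node["ipub"]) if node.get("ipub") else ""
    # Free text (node description) is reduced to a harmless character set.
    info = re.sub(r"[^A-Za-z0-9 _.,-]", "_", node.get("info", ""))
    return {"i": str(ip), "ipub": str(ipub), "id": str(int(node["id"])),
            "if": node["iface"], "info": info, "m": node["mac"].upper(),
            "n": node["name"], "net": node["net"]}


def expand(template, values):
    """Replace every known %token in a single pass over the template."""
    return TOKEN_RE.sub(lambda match: values[match.group(1)], template)


def pick_rule(cfg, node):
    """Choose the rule option for a node, following the option descriptions."""
    kind = "grantedhost" if node["access"] else "deniedhost"
    if node.get("ipub"):
        # public_* falls back to the plain rule; with public_replace enabled
        # (the default) the public rule is used instead of the main one.
        return cfg.get("public_" + kind, cfg[kind])
    return cfg[kind]


def render_hostfile(cfg, nodes):
    """Return (script_text, rejected) with rejected = [(node_id, reason)]."""
    parts, rejected = [cfg["begin"]], []
    for node in nodes:
        try:
            values = node_values(node)
        except ValueError as exc:
            # No rule is written, so the footer's final REJECT applies.
            rejected.append((node.get("id"), str(exc)))
            continue
        parts += [expand(cfg["host_begin"], values),
                  expand(pick_rule(cfg, node), values),
                  expand(cfg["host_end"], values)]
    parts.append(cfg["end"])
    return "".join(parts), rejected


# Constructed configuration, modelled on the option examples above.
CFG = {
    "begin": "IPT=/usr/sbin/iptables\n$IPT -F FORWARD\n",
    "end": "$IPT -A FORWARD -j REJECT\n",
    "host_begin": "# %n (%info) on %net/%if\n",
    "host_end": "\n",
    "grantedhost": "$IPT -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n",
    "deniedhost": "$IPT -A FORWARD -s %i -m mac --mac-source %m -j REJECT\n",
    "public_grantedhost": (
        "$IPT -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n"
        "$IPT -t nat -A POSTROUTING -s %i -j SNAT --to-source %ipub\n"),
}

# Constructed node records; node 4 carries a host name that must be rejected.
NODES = [
    {"id": 1, "name": "alice-pc", "ip": "192.168.0.10", "mac": "00:11:22:33:44:55",
     "net": "lan1", "iface": "eth1", "access": True, "info": "desk 3\nsecond line"},
    {"id": 2, "name": "bob", "ip": "192.168.0.11", "mac": "00:11:22:33:44:66",
     "net": "lan1", "iface": "eth1", "access": False},
    {"id": 3, "name": "srv1", "ip": "192.168.0.12", "ipub": "203.0.113.5",
     "mac": "00:11:22:33:44:77", "net": "lan1", "iface": "eth1", "access": True},
    {"id": 4, "name": "pc4;echo injected", "ip": "192.168.0.13",
     "mac": "00:11:22:33:44:88", "net": "lan1", "iface": "eth1", "access": True},
]

if __name__ == "__main__":
    print(render_hostfile(CFG, NODES)[0])
```

A rejected node gets no rule at all, so with a default-deny footer such as the one in `end` its traffic is refused until the record is corrected.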
'Traffic' is an equivalent of the 'lms-traffic' Perl script, which loads internet link stats to the database from a file created by the user. That file must have the format: host_IP upload download. More information (including how to make such a file) can be found in the chapter with the lms-traffic description.
There is only one available option and it's mandatory:
file
Location of file with firewall stats. Default: /var/log/traffic.log
Example: file = /tmp/log
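As an added example (not part of lms-traffic or lmsd), this parser checks a stats file in the `host_IP upload download` format before it is loaded. Summing repeated hosts and the 64-bit counter ceiling are assumptions of the example, and the sample lines are constructed.

```python
import ipaddress

MAX_COUNTER = 2**63 - 1   # assumption: counters must fit a signed 64-bit column


def to_counter(text):
    """Convert one counter field; raise ValueError unless it is 0..MAX_COUNTER."""
    # isascii() keeps out Unicode digits that isdigit() alone would accept;
    # the length check avoids converting absurdly long digit strings.
    if not (text.isascii() and text.isdigit()) or len(text) > 19:
        raise ValueError("counters must be non-negative integers")
    value = int(text)
    if value > MAX_COUNTER:
        raise ValueError("counter out of range")
    return value


def parse_traffic(lines):
    """Parse 'host_IP upload download' lines.

    Returns (totals, errors): totals maps IP -> [upload, download], summed over
    repeated hosts; errors is a list of (line_number, reason).
    """
    totals, errors = {}, []
    for line_no, raw in enumerate(lines, 1):
        fields = raw.split()
        if not fields:
            continue                                  # blank line
        if len(fields) != 3:
            errors.append((line_no, "expected 3 fields"))
            continue
        host, up, down = fields
        try:
            ip = str(ipaddress.IPv4Address(host))
        except ValueError:
            errors.append((line_no, "bad IP address"))
            continue
        try:
            up, down = to_counter(up), to_counter(down)
        except ValueError as exc:
            errors.append((line_no, str(exc)))
            continue
        entry = totals.setdefault(ip, [0, 0])
        entry[0] += up
        entry[1] += down
    return totals, errors


# Constructed sample input: three valid lines, one blank, four malformed.
SAMPLE = """\
192.168.0.10 1200 56000
192.168.0.11 0 0

192.168.0.10 300 4000
192.168.0.999 10 10
192.168.0.12 -5 10
192.168.0.13 10
192.168.0.14 10 20 extra
""".splitlines()

if __name__ == "__main__":
    print(parse_traffic(SAMPLE))
```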
Generates a script containing iptables and tc rules for traffic control, i.e. bandwidth and customer connection limits. Rules for nodes can be freely defined and used not only for traffic control. The module works as follows: first, all customers' data is retrieved. Totals for limitations (uprate, downrate, upceil, downceil, connection limit) are calculated for each customer. Then a loop is performed to check networks and groups (if specified). If the limit values are not zero, rules are written to the file with variables replaced. The following variables can be used in rules: %name - host name, %i - IP address, %m - MAC, %if - network interface, %uprate, %downrate, %upceil, %downceil, %plimit, %climit, %o1, %o2, %o3, %o4 - IP's octets, %h1, %h2, %h3, %h4 - IP's octets in hex and %x - integer counter with initial value of 100 incremented by one for each node (or customer).
The default policy for creating HTB classes is one class for all nodes belonging to each customer. It can be changed with the 'one_class_per_host' option.
The default configuration assumes that your system supports HTB and iptables with the modules limit, connlimit, mark and ipp2p. You can patch the kernel or use sources available at www.inet.one.pl (Polish project, site in PL).
There are basic options like groups of customers, file, command and networks, and extra options which define the tc and firewall rules. The default config is designed for 512/128 kbit limits and 100 Mbit links.
file
Location of file. Default: /etc/rc.d/rc.htb.
Example: file = /tmp/rc.htb
command
Shell command executed after file creation. Default: "sh /etc/rc.d/rc.htb start".
Example: command = "chmod 700 /tmp/rc.htb; /tmp/rc.htb start"
begin
Script header. Default:
```
#!/bin/sh
IPT=/usr/sbin/iptables
TC=/sbin/tc
LAN=eth0
WAN=eth1
BURST="burst 30k"

stop () {
    $IPT -t mangle -D FORWARD -i $WAN -j LIMITS >/dev/null 2>&1
    $IPT -t mangle -D FORWARD -o $WAN -j LIMITS >/dev/null 2>&1
    $IPT -t mangle -F LIMITS >/dev/null 2>&1
    $IPT -t mangle -X LIMITS >/dev/null 2>&1
    $IPT -t mangle -F OUTPUT
    $IPT -t filter -F FORWARD
    $TC qdisc del dev $LAN root 2> /dev/null
    $TC qdisc del dev $WAN root 2> /dev/null
}

start () {
    stop
    $IPT -t mangle -N LIMITS
    $IPT -t mangle -I FORWARD -i $WAN -j LIMITS
    $IPT -t mangle -I FORWARD -o $WAN -j LIMITS
    # incoming traffic
    $IPT -t mangle -A OUTPUT -j MARK --set-mark 1
    $TC qdisc add dev $LAN root handle 1:0 htb default 3 r2q 1
    $TC class add dev $LAN parent 1:0 classid 1:1 htb rate 99000kbit ceil 99000kbit quantum 1500
    $TC class add dev $LAN parent 1:1 classid 1:2 htb rate 500kbit ceil 500kbit
    $TC class add dev $LAN parent 1:1 classid 1:3 htb rate 98500kbit ceil 98500kbit prio 9 quantum 1500
    $TC qdisc add dev $LAN parent 1:3 esfq perturb 10 hash dst
    # priorities for ICMP, TOS 0x10 and ports 22 and 53
    $TC class add dev $LAN parent 1:2 classid 1:20 htb rate 50kbit ceil 500kbit $BURST prio 1 quantum 1500
    $TC qdisc add dev $LAN parent 1:20 esfq perturb 10 hash dst
    $TC filter add dev $LAN parent 1:0 protocol ip prio 2 u32 match ip sport 22 0xffff flowid 1:20
    $TC filter add dev $LAN parent 1:0 protocol ip prio 2 u32 match ip sport 53 0xffff flowid 1:20
    $TC filter add dev $LAN parent 1:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 1:20
    $TC filter add dev $LAN parent 1:0 protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:20
    # server -> LAN
    $TC filter add dev $LAN parent 1:0 protocol ip prio 4 handle 1 fw flowid 1:3
    # outgoing traffic
    $TC qdisc add dev $WAN root handle 2:0 htb default 11 r2q 1
    $TC class add dev $WAN parent 2:0 classid 2:1 htb rate 120kbit ceil 120kbit
    # priorities for ACK, ICMP, TOS 0x10, ports 22 and 53
    $TC class add dev $WAN parent 2:1 classid 2:10 htb rate 60kbit ceil 120kbit prio 1 quantum 1500
    $TC qdisc add dev $WAN parent 2:10 esfq perturb 10 hash dst
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip protocol 6 0xff \
        match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 1 match u8 0x10 0xff at 33 flowid 2:10
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip dport 22 0xffff flowid 2:10
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip dport 53 0xffff flowid 2:10
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 2:10
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip protocol 1 0xff flowid 2:10
    # server -> Internet
    $TC class add dev $WAN parent 2:1 classid 2:11 htb rate 30kbit ceil 120kbit prio 2 quantum 1500
    $TC qdisc add dev $WAN parent 2:11 esfq perturb 10 hash dst
    $TC filter add dev $WAN parent 2:0 protocol ip prio 3 handle 1 fw flowid 2:11
    $TC filter add dev $WAN parent 2:0 protocol ip prio 9 u32 match ip dst 0/0 flowid 2:11
```
Example: begin = "#!/bin/bash\nTC=/usr/local/sbin/tc\n"
end
Script footer. Default:
```
}

case "$1" in
    'start')
        start
    ;;
    'stop')
        stop
    ;;
    'status')
        echo "WAN Interface"
        echo "============="
        $TC class show dev $WAN | grep root
        $TC class show dev $WAN | grep -v root | sort | nl
        echo "LAN Interface"
        echo "============="
        $TC class show dev $LAN | grep root
        $TC class show dev $LAN | grep -v root | sort | nl
    ;;
    *)
        echo -e "\nUsage: rc.htb start|stop|status"
    ;;
esac
```
Example: end = ""
one_class_per_host
Specifies the HTB class creation policy. By default all computers of a customer are placed in one class. Setting it to 'true' causes the rules specified in host_htb_up and host_htb_down to be generated for each of the customer's computers (with a different value of '%x'). Rules host_mark_down, host_mark_up, host_plimit and host_climit are generated for each node regardless of this option's setting. Default: false
Example: one_class_per_host = 1
host_mark_up
Mark rule for each computer. Default:
```
# %n
$IPT -t mangle -A LIMITS -s %i -j MARK --set-mark %x
```
Example: host_mark_up = ""
host_mark_down
Mark rule for each offline computer. Default:
$IPT -t mangle -A LIMITS -d %i -j MARK --set-mark %x
Example: host_mark_down = ""
host_htb_down
Rules for each computer executed when uprate and downrate value is above zero. Default:
```
$TC class add dev $LAN parent 1:2 classid 1:%x htb rate %downratekbit ceil %downceilkbit $BURST prio 2 quantum 1500
$TC qdisc add dev $LAN parent 1:%x esfq perturb 10 hash dst
$TC filter add dev $LAN parent 1:0 protocol ip prio 5 handle %x fw flowid 1:%x
```
Example: host_htb_down = ""
host_htb_up
Rules for each computer executed when uprate and downrate value is above zero. Default:
```
$TC class add dev $WAN parent 2:1 classid 2:%x htb rate %upratekbit ceil %upceilkbit $BURST prio 2 quantum 1500
$TC qdisc add dev $WAN parent 2:%x esfq perturb 10 hash dst
$TC filter add dev $WAN parent 2:0 protocol ip prio 5 handle %x fw flowid 2:%x
```
Example: host_htb_up = ""
host_climit
Rule with simultaneous TCP connections limit. Executed when climit value is above zero. Default:
$IPT -t filter -I FORWARD -p tcp -s %i -m connlimit --connlimit-above %climit -m ipp2p --ipp2p -j REJECT
Example: host_climit = "$IPT -t filter -I FORWARD -p tcp -s %i -m connlimit --connlimit-above %climit -j REJECT"
host_plimit
Rule with limiting of packets in time unit (here second). Executed when plimit value is above zero. Default:
```
$IPT -t filter -I FORWARD -p tcp -d %i -m limit --limit %plimit/s -m ipp2p --ipp2p -j ACCEPT
$IPT -t filter -I FORWARD -p tcp -s %i -m limit --limit %plimit/s -m ipp2p --ipp2p -j ACCEPT
```
Example: host_plimit = ""
networks
List of network names that should be included in configuration (case insensitive). Default: empty (all networks).
Example: networks = "lan1 lan2"
customergroups
List of customer groups that should be included in configuration (case insensitive). Default: empty (all groups).
Example: customergroups = "group1 group2"
Configuration of named zones. This is one of the most complicated modules to set up. It creates zone files for each network and zone definition entries in named.conf on the basis of template files. Example templates are placed in the /modules/dns/sample directory.
forward-patterns
Directory with zone templates. Default: forward.
Example: forward-patterns = /dns/patterns/forward
reverse-patterns
Directory with reverse zone templates. Default: reverse.
Example: reverse-patterns = /dns/patterns/revers
generic-forward
Default template. It will be used if directory specified by 'forward-patterns' doesn't contain a file with name corresponding to network domain name. Default: modules/dns/sample/forward/generic.
Example: generic-forward = /dns/patterns/forward
generic-reverse
Default template. It will be used if directory specified by 'reverse-patterns' doesn't contain a file with name corresponding to network IP address. Default: modules/dns/sample/reverse/generic.
Example: generic-reverse = /dns/patterns/forward
forward-zones
Directory for generated zone files. Default: modules/dns/sample/out/forward.
Example: forward-zones = /dns/forward
reverse-zones
Directory for generated reverse zone files. Default: modules/dns/sample/out/reverse.
Example: reverse-zones = /dns/reverse
host-reverse
Line in reverse zone file for each computer of given network. Default: "%n IN A %i\n".
Example: host-reverse = "\t %n IN A %i\n"
host-forward
Line in zone file for each computer of given network. Default: "%c IN PTR %n.%d.\n".
Example: host-forward = "\t %c IN PTR %n.%d.\n"
conf-pattern
Location of main template for server configuration file. Default: modules/dns/sample/named.conf.
Example: conf-pattern = /dns/patterns/named.conf
conf-output
Location of main configuration file. Default: /tmp/named.conf.
Example: conf-output = /etc/named.conf
conf-forward-entry
Entry for each zone in main configuration file. Default: 'zone "%n" {\ntype master;\n file "forward/%n"; \nnotify yes; \n}; \n'.
Example: conf-forward-entry = 'zone "%n" { \n\ttype master; \n\tfile "forward/%n"; \n\tnotify yes; \n}; \n'
conf-reverse-entry
Entry for each reverse zone in main configuration file. Default: 'zone "%c.in-addr.arpa" { \ntype master; \nfile "reverse/%c"; \nnotify yes; \n}; \n'.
Example: conf-reverse-entry = 'zone "%c.in-addr.arpa" { \n\ttype master; \n\tfile "reverse/%c"; \n\tnotify yes; \n}; \n'
command
Shell command executed after files creation. Default: empty.
Example: command = "killall -HUP named"
networks
List of network names that should be included in configuration (case insensitive). Default: empty (all networks).
Example: networks = "lan1 lan2"
customergroups
List of customer (user) groups that should be included in configuration (case insensitive). Default: empty (all groups).
Example: customergroups = "group1 group2"
This module creates the configuration for the system ARP table. Setting the option 'dummy_macs' will put MAC address 00:00:00:00:00:00 for all disconnected computers.
Basic options:
file
Location of output file. Default: /etc/ethers.
Example: file = /tmp/ethers
command
Shell command to execute after config file creation. Default: 'arp -f /etc/ethers'.
Example: command = ""
dummy_macs
If you set to 'yes', disconnected computers will get MAC '00:00:00:00:00:00'. Default: "no".
Example: dummy_macs = yes
networks
List of network names that should be included in configuration (case insensitive). Default: empty (all networks).
Example: networks = "lan1 lan2"
customergroups
List of customer groups names that should be included in configuration (case insensitive). Default: empty (all groups).
Example: customergroups = "group1 group2"
Module for oidentd configuration. Basically it can be created with hostfile module, but here you have ready-made default settings for this purpose.
And here are the options of oident:
begin
Text inserted on the beginning of file. Default: empty.
Example: begin = "#Auto-generated\n"
end
Text inserted on the end of file. Default: empty.
Example: end = ""
host
Line of text for each of computers. Default: "%i\t%n\tUNIX".
Example: host = "%i %n WINDOWS"
file
Configuration file. Default: /etc/oidentd.conf.
Example: file = /tmp/identd.conf
networks
List of networks. Default: empty (all networks).
Example: networks = 'lan1 lan2'
command
Shell command(s) to execute after file creation. Default: empty.
Example: command = "killall -HUP oidentd"
Module pinger is an equivalent of the lms-fping Perl script, but it has some fundamental differences. It doesn't need an external program to check host availability and works using the ARP protocol, so it can scan the network about 2 times faster. There are also no problems with hosts that have ping responses disabled or firewalled. After scanning, the last-seen time is set in the database for all online hosts; it is used to illustrate host activity on the nodes list and network map.
Pinger works with interface names, so (e.g. if you are using the ip command) you'll need to label interfaces in your system (ip addr add ... label ...). Also remember not to use dots or dashes in interface names (ip allows that, but such a name is not usable for pinger).
Pinger has only one config option:
networks
List of network names. Default: empty (all networks).
Example: networks = 'lan1 lan2'
The parser module is based on the scripting language T-Script, whose primary purpose is to generate text files. It can be useful for processing templates with some additional data retrieved from data sources like SQL databases or text files. In lmsd's module, the contents of scripts are stored in the database, so they can be edited via LMS-UI. In the future parser should replace almost all lmsd modules.
The T-Script language is described in section T-Script.
Before compilation, ensure that the bison (at least version 1.875) and flex packages are installed on your system.
Parser has the following options:
script
Contents of script. Default: empty.
Example: script = '{var=1}variable var={var}'
file
Location of output file. Default: empty.
Example: file = /tmp/parser.out
command
Shell command to execute after script compilation. Default: empty
Example: command = "sh /tmp/parser.out"