6.2. Modules

As stated before, the daemon itself only runs modules; the modules do all the work. Most modules are designed for one specific application; only 'hostfile' can be used to create many different configurations (and manage numerous services), e.g. various firewall types. Module configuration parameters MUST be placed in the appropriate instance section.

6.2.1. Modules list

Table 6-1. List of all lmsd modules

Name       Description
---------  ----------------------------------------------------------
system     Shell commands execution
parser     Universal T-Script scripts parser
dhcp       Configuration of DHCP server
cutoff     Disconnection of indebted users
dns        Configuration of DNS server
ethers     /etc/ethers file creation
hostfile   Universal module (eg. making iptables rules)
notify     Email notify about payments
ggnotify   Gadu-Gadu (Polish internet messenger) notify about payments
payments   Payments accounting
oident     Configuration of oident daemon
tc         Making HTB rules
traffic    Internet link usage statistics
pinger     Users activity (online) scanning

6.2.2. System

6.2.2.1. Description

This module does only one thing: it runs a given Linux shell command and/or SQL query. It can be useful if you want to execute some command or run an external script while the configuration is being reloaded, e.g. one of the scripts in the LMS /bin directory. The SQL command is executed first.

6.2.2.2. Configuration

You can define command strings or SQL queries. Commands are executed via the shell, separated by semicolons:

  • sql

    SQL command. Default: empty.

    Example: sql = 'DELETE FROM stats WHERE dt < %NOW% - 365*86400'

  • command

    Shell command(s). Default: empty.

    Example: command = 'echo -n "hello "; echo "world"'

6.2.3. Payments

6.2.3.1. Description

The module calculates subscription and solid (one-off) fees for customers, based on the current date. It should be executed once a day. Payments are calculated based on the customers' liabilities and written to the database with the description filled into the 'comment' field. If appropriate, invoices are created. The description of a solid payment is a combination of the liability and creditor name. At the end, outdated liabilities are removed from the database.

6.2.3.2. Configuration

You can use the following options for this module:

  • comment

    Description of the operation. '%period' will be replaced by the start and end date of the subscription, e.g. '2003/10/10 - 2003/11/09', '%tariff' by the name of the liability, %month by the full name of the current month, %year by the current year, and %next_mon by the next month in YYYY/MM format. Default: 'Subscription: '%tariff' for period: %period'.

    Example: comment = 'Subscription %tariff'

  • settlement_comment

    Description of the settlement operation. '%period' will be replaced by the start and end date of the settlement period, e.g. '2003/10/20 - 2003/11/09', and '%tariff' by the name of the liability. Defaults to the 'comment' option.

    Example: settlement_comment = 'Settlement of subscription %tariff'

  • up_payments

    How the period in the comment should be counted: forward or backward relative to the write-out date. Default: yes.

    Example: up_payments = no

  • expiry_days

    Number of days after the liability's expiration date after which that liability is removed from the database. When set to '0', the data is removed immediately after the write-out date. Default: 30.

    Example: expiry_days = 365

  • deadline

    Payment deadline in days. Default: 14.

    Example: deadline = 21

  • paytype

    Payment type identifier (1-cash, 2-transfer, 3-transfer/cash, 4-card, 5-compensation, 6-barter, 7-contract). Default: 2 (transfer).

    Example: paytype = 1

  • numberplan

    ID of invoices numbering plan defined in Configuration -> Numbering Plans. Default: 0 (default plan).

    Example: numberplan = 1

  • check_invoices

    Enables marking invoices as accounted (settled) for customers whose balance is equal to or greater than zero. Default: false.

    Example: check_invoices = 1

  • networks

    List of network names to restrict accounting to. Default: empty (all networks).

    Example: networks = "lan1 lan2"

  • excluded_networks

    List of network names excluded from accounting. Default: empty (none).

    Example: excluded_networks = "lan3 lan4"

  • customergroups

    List of customer groups to restrict accounting to. Default: empty (all groups).

    Example: customergroups = "group1 group2"

  • excluded_customergroups

    List of customer groups excluded from accounting. Default: empty (none).

    Example: excluded_customergroups = "group3 group4"

6.2.4. Notify

6.2.4.1. Description

The 'notify' module is designed to inform customers about their debt by electronic mail. The current customer balance is compared with the 'limit' option; if it is below that limit, a message is sent. The message content is taken from a template, which may include the following variables:

  • %saldo - current customer balance (also %b)

  • %B - absolute value of current customer balance

  • %pin - customer PIN

  • %name - customer forename

  • %lastname - company name or customer lastname

  • %last_10_in_a_table - last 10 operations on customer account

6.2.4.2. Configuration

Configuration options for 'notify' module are presented below:

  • template

    Location of message template file. Default: empty.

    Example: template = modules/notify/sample/mailtemplate

  • file

    Location of temporary file. Default: /tmp/mail

    Example: file = /tmp/mail.txt

  • command

    Shell command for sending an e-mail. '%address' will be replaced by the customer's e-mail address. Default: 'mail -s "Liabilities Information" %address < /tmp/mail'.

    Example: command = 'mail -s "You must pay or ..." %address < /tmp/mail.txt'

  • limit

    A message is sent when the customer balance drops below the value defined in this option. Default: 0

    Example: limit = -20

  • debug_mail

    If set, all messages go to this address instead of being sent to customers. Useful for testing. Default: empty.

    Example: debug_mail = tester@my.net
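The notify pass described above (balance compared with 'limit', template variables filled in, the 'command' string built with '%address', and 'debug_mail' redirecting everything to one mailbox), reproduced as an added example. This is not lmsd's code; the customer records, the template text and the record field names are constructed here, and quoting the address with shlex.quote when it is placed into the shell command is this example's own choice, not a statement about how lmsd does it.

```python
"""Added example (not lmsd code): a minimal reproduction of the 'notify'
pass. Customer records, the template and the option values are constructed;
the real module reads them from the LMS database and the lmsd config file."""
import shlex

# Constructed sample data; balances are in currency units, negative = debt.
CUSTOMERS = [
    {"id": 1, "name": "Jan", "lastname": "Kowalski", "pin": "1234",
     "email": "jan@example.test", "balance": -35.50},
    {"id": 2, "name": "Anna", "lastname": "Firma Sp. z o.o.", "pin": "5678",
     "email": "anna@example.test", "balance": -5.00},
    {"id": 3, "name": "Piotr", "lastname": "Nowak", "pin": "9012",
     "email": "piotr@example.test", "balance": 12.00},
]

# Constructed template using the variables the module documents.
TEMPLATE = ("Dear %name %lastname,\n"
            "your balance is %saldo (debt: %B). PIN: %pin.\n")


def render_template(template, customer):
    """Replace the documented %variables with the customer's values.
    Longer names are replaced first so that %name does not eat %lastname."""
    values = {
        "%lastname": customer["lastname"],
        "%saldo": "%.2f" % customer["balance"],
        "%name": customer["name"],
        "%pin": customer["pin"],
        "%B": "%.2f" % abs(customer["balance"]),   # absolute value, per the page
        "%b": "%.2f" % customer["balance"],        # alias of %saldo
    }
    out = template
    for key in sorted(values, key=len, reverse=True):
        out = out.replace(key, values[key])
    return out


def select_recipients(customers, limit):
    """The module's rule: a message goes out when the balance is below 'limit'."""
    return [c for c in customers if c["balance"] < limit]


def build_command(command_option, address):
    """Substitute %address into the configured shell command. The address is
    shell-quoted here (this example's choice) because the page says the
    command is handed to a shell."""
    return command_option.replace("%address", shlex.quote(address))


def run_notify(customers, limit, command_option, debug_mail=""):
    """Return (address, shell command, message body) for every customer to
    notify. With debug_mail set, every message is routed to that address."""
    result = []
    for c in select_recipients(customers, limit):
        address = debug_mail or c["email"]
        result.append((address, build_command(command_option, address),
                       render_template(TEMPLATE, c)))
    return result


if __name__ == "__main__":
    for address, cmd, msg in run_notify(
            CUSTOMERS, -20, 'mail -s "Liabilities Information" %address < /tmp/mail'):
        print(cmd)
        print(msg)
```

Running it with limit = -20 notifies only the first customer; with limit = 0 both indebted customers are selected, and debug_mail sends every message to the test mailbox instead.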

6.2.5. Ggnotify

6.2.5.1. Description

Equivalent of the 'notify' module, developed to send Gadu-Gadu instant messages. Gadu-Gadu is the most popular Polish internet messenger.

The module requires the libgadu shared library and the sources of the ekg program. Appropriate paths for them must be set in modules/ggnotify/Makefile before the module is compiled.

6.2.5.2. Configuration

Options similar to those of the 'notify' module can also be used here:

  • template

    Location of message template file. Default: empty.

    Example: template = modules/notify/sample/mailtemplate

  • uin

    Gadu-Gadu identifier (number) of the message sender. Default: empty.

    Example: uin = 1234567

  • password

    Password for account specified by 'uin'. Default: empty.

    Example: password = "my_HURD.password"

  • limit

    A message is sent when the customer balance drops below the value defined in this option. Default: 0

    Example: limit = -20

  • debug_uin

    If set, all messages go to that 'uin' instead. Default: empty.

    Example: debug_uin = 7654321

6.2.6. Cutoff

6.2.6.1. Description

Cutoff changes node status to 'disconnected' and/or enables warnings for customers whose debts are greater than the specified limit. It also disables computers whose assignments have expired. This module does not do the actual blocking of network access.

6.2.6.2. Configuration

You can use the following options for the 'cutoff' module:

  • limit

    Disconnection occurs when the customer balance drops below the specified limit, given either as a numeric value or as a percentage of the sum of the customer's monthly assignments (with a '%' sign). Default: 0.

    Example: limit = -20

  • command

    Specifies a system command that is executed if at least one customer should be disconnected or a warning should be enabled. Default: empty.

    Example: command = 'lmsd -qi firewall'

  • warning

    Enables a warning for the disconnected customer and sets the WWW browser message shown to him to the text specified in this option. If empty, the warning is not enabled. The date is substituted into the message via the '%time' variable. You can also use %B for the real customer balance and %b for the unsigned balance value. Default: 'Blocked automatically due to payment deadline override at %time'.

    Example: warning = ""

  • expired_warning

    Sets the message shown to the customer when his computers' access is disabled because all assignments have expired. If empty, no warning is set. The date is substituted into the message via the '%time' variable. Default: 'Blocked automatically due to tariff(s) expiration at %time'.

    Example: expired_warning = ""

  • warnings_only

    Here you decide whether to use this module only for warnings or to actually cut people off. Works for customers with assignments. Default: false.

    Example: warnings_only = true

  • setnodegroup_only

    Sets a node group name. The module assigns to that group all computers of a customer who exceeds the value or invoice limit. The customer's status is not changed. Default: none.

    Example: setnodegroup_only = blocked_nodes

  • disable_suspended

    Use this option to disable customers all of whose current assignments are suspended. Default: false.

    Example: disable_suspended = true

  • use_nodeassignments

    Enable this option only if you are using tariff assignments bound to nodes. Otherwise, tariff assignments bound to customers are checked. Default: false.

    Example: use_nodeassignments = true

  • use_customerassignments

    Disable this option only if you don't want to check assignments (or node assignments are used). Default: true.

    Example: use_customerassignments = false

  • check_invoices

    Enables an additional check for unpaid invoices whose deadline is older than the date given by the 'deadline' option. Default: false.

    Example: check_invoices = true

  • deadline

    Sets the period in days (from the invoice deadline date) after which an unpaid invoice is considered by the 'check_invoices' check. By default the customer is blocked right after the deadline. Default: 0.

    Example: deadline = 30

  • customergroups

    List of customer groups to restrict accounting to. Default: empty (all groups).

    Example: customergroups = "group1 group2"

  • excluded_customergroups

    List of customer groups excluded from accounting. Default: empty (none).

    Example: excluded_customergroups = "group3 group4"

  • networks

    List of network names to take into consideration. Default: empty (all networks).

    Example: networks = 'lan1 lan2'

  • excluded_networks

    List of network names to exclude. Default: empty (none).

    Example: excluded_networks = 'lan3 lan4'
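The decision rule of the cutoff module as the options above describe it (numeric or percentage 'limit', 'check_invoices' with 'deadline', 'warnings_only', the '%time'/'%B'/'%b' substitutions, and the 'command' that runs only when someone is affected), written out as an added example. This is not lmsd's code: the customer records, their field names, the date handling and the return format are this example's own constructions.

```python
"""Added example (not lmsd code): the decision rule of the 'cutoff' module
applied to constructed customer records. Record field names, the date
handling and the return format are this example's own choices."""
from datetime import date, timedelta

# Constructed customers: balance (negative = debt), the sum of the customer's
# monthly assignments, and invoices with their payment deadline.
CUSTOMERS = [
    {"id": 1, "balance": -30.0, "monthly_sum": 100.0, "invoices": []},
    {"id": 2, "balance": -10.0, "monthly_sum": 40.0,
     "invoices": [{"deadline": date(2024, 1, 1), "paid": False}]},
    {"id": 3, "balance": 5.0, "monthly_sum": 40.0, "invoices": []},
]


def parse_limit(limit_option, monthly_sum):
    """'limit' is a number, or, when it carries a '%' sign, a percentage of
    the sum of the customer's monthly assignments (sign kept as written)."""
    text = str(limit_option).strip()
    if text.endswith("%"):
        return float(text[:-1]) / 100.0 * monthly_sum
    return float(text)


def has_overdue_invoice(invoices, today, deadline_days):
    """'check_invoices': an unpaid invoice whose deadline lies more than
    'deadline' days in the past."""
    cutoff = today - timedelta(days=deadline_days)
    return any(not inv["paid"] and inv["deadline"] < cutoff for inv in invoices)


def evaluate(customer, today, limit="0", warnings_only=False,
             check_invoices=False, deadline=0,
             warning="Blocked automatically due to payment deadline override at %time"):
    """Decide for one customer. Returns {'disconnect': bool, 'warning': str};
    an empty 'warning' string means no warning is enabled, as the option says."""
    threshold = parse_limit(limit, customer["monthly_sum"])
    over_limit = customer["balance"] < threshold
    overdue = check_invoices and has_overdue_invoice(customer["invoices"], today, deadline)
    if not (over_limit or overdue):
        return {"disconnect": False, "warning": ""}
    message = (warning.replace("%time", today.isoformat())
                      .replace("%B", "%.2f" % customer["balance"])       # real balance
                      .replace("%b", "%.2f" % abs(customer["balance"])))  # unsigned value
    return {"disconnect": not warnings_only, "warning": message}


def run_cutoff(customers, today, command="", **options):
    """One pass over all customers. Returns the ids to disconnect, the ids
    that get a warning, and the 'command' to run, which the page says is
    executed only if at least one customer is affected."""
    to_disconnect, to_warn = [], []
    for c in customers:
        verdict = evaluate(c, today, **options)
        if verdict["disconnect"]:
            to_disconnect.append(c["id"])
        if verdict["warning"]:
            to_warn.append(c["id"])
    return to_disconnect, to_warn, (command if (to_disconnect or to_warn) else "")


if __name__ == "__main__":
    print(run_cutoff(CUSTOMERS, date(2024, 2, 1), command="lmsd -qi firewall", limit="-20"))
```

With limit = -20 the first customer (balance -30) is cut off; with limit = -50% the same customer stays connected because 50% of his 100 monthly assignments is a deeper threshold than his debt. The second customer only falls out through check_invoices, and a deadline of 45 days lets his January invoice pass on 1 February.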

6.2.7. DHCP

6.2.7.1. Description

Module responsible for managing the DHCP server: it creates the configuration file and restarts the service. Other functions (programs) can be executed with the 'command' option.

6.2.7.2. Configuration

Most configuration parameters correspond to parts of the DHCP configuration file and in a typical environment don't need any changes:

  • file

    Location of DHCP server configuration file. Default: /etc/dhcpd.conf.

    Example: file = /etc/dhcp/dhcpd.conf

  • command

    Shell command executed after config file creation. Default: 'killall dhcpd; /usr/sbin/dhcpd'.

    Example: command = '/etc/rc.d/rc.dhcpd restart'

  • begin

    File header. Default: empty.

    Example: begin = "authoritative;"

  • end

    File footer. Default: empty.

    Example: end = ""

  • subnet_start

    Subnet header. '%a' - name, '%m' - mask, %b - broadcast address. Default: "subnet %a netmask %m {\ndefault-lease-time 86400;\nmax-lease-time 86400;".

    Example: subnet_start = "subnet %a netmask %m {default-lease-time 3600;"

  • subnet_end

    Subnet footer. Default: "}".

    Example: subnet_end = '\t}'

  • subnet_gateway

    Subnet gateway. '%i' will be changed to IP address. Default: "option routers %i;".

    Example: subnet_gateway = "option routers %i"

  • subnet_dns

    Subnet DNS servers. '%i' - DNS addresses. Default: "option domain-name-servers %i;".

    Example: subnet_dns = "option domain-name-servers 192.168.0.1"

  • subnet_domain

    Subnet domain name. '%n' - name. Default: 'option domain-name "%n";'.

    Example: subnet_domain = 'option domain-name "test.%n";'

  • subnet_wins

    WINS servers. '%i' - server IP address. Default: "option netbios-name-servers %i;".

    Example: subnet_wins = ""

  • subnet_range

    Subnet address range. '%s' - initial address, '%e' - end of range. Default: "range %s %e;".

    Example: subnet_range = "range %s %e;"

  • host

    Hosts parameters, where '%n' - host name, '%m' - MAC, '%i' - IP address. Default: "\thost %n {\n\t\thardware ethernet %m; fixed-address %i; \n\t}".

    Example: host = "host %n {hardware ethernet %m; fixed-address %i;}"

  • networks

    List of network names that should be included in configuration (case insensitive). Default: empty (all networks).

    Example: networks = "lan1 lan2"

  • customergroups

    List of customer groups that should be included in the configuration (case insensitive). Default: empty (all groups).

    Example: customergroups = "group1 group2"

6.2.8. Hostfile

6.2.8.1. Description

The 'hostfile' module is a multipurpose tool. It loops over all hosts (node and network device addresses) from the database, fetching their connection and warning status, private and public addresses, the network they are connected to and the groups of their owners. This makes it possible to create any set of firewall rules, or an /etc/hosts file. The data is written to a file, and after that a specified shell command can be executed.

6.2.8.2. Configuration

The following replacement variables can be used in host rule options:

%i - IP address,
%ipub - public IP address,
%id - node ID,
%m - MAC address,
%n - host name,
%p - node (computer) password,
%port - device's port to which computer is connected,
%l - host location,
%devl - location of device to which node is connected,
%info - node description,
%domain - domain,
%net - network name,
%gw - gateway address of network,
%if - network's interface,
%mask - network mask,
%addr - network's address,
%prefix - network mask CIDR-style prefix,
%dns, %dns2 - DNS server addresses,
%dhcps, %dhcpe - start and end of DHCP range,
%wins - WINS server address,
%i16 - IP's last octet in hex,
%i16pub - public IP's last octet in hex,
%domainpub - domain name of public network,
%netpub - public network name,
%gwpub - gateway address of public network,
%ifpub - public network's interface,
%maskpub - public network mask,
%addrpub - public network's address,
%prefixpub - public network mask CIDR-style prefix,
%dnspub, %dns2pub - DNS server addresses in public network,
%dhcpspub, %dhcpepub - start and end of DHCP range in public network,
%winspub - WINS server address in public network,
%customer - node owner's name,
%cid - node owner's ID.

This module has the following options:

  • file

    Location of generated file. Default: /tmp/hostfile

    Example: file = /etc/rc.d/rc.firewall

  • command

    Shell command(s) executed after 'file' creation. Default: empty

    Example: command = '/bin/sh /etc/rc.d/rc.firewall'

  • begin

    File header. Default: "/usr/sbin/iptables -F FORWARD\n"

    Example: begin = "IPT=/usr/sbin/iptables \n$IPT -F FORWARD\n"

  • end

    File footer. Default: "/usr/sbin/iptables -A FORWARD -j REJECT\n"

    Example: end = "$IPT -A FORWARD -j REJECT\n"

  • host_begin

    Host rule header. Default: ""

    Example: host_begin = "#%n\n"

  • host_end

    Host rule footer. Default: ""

    Example: host_end = "\n"

  • grantedhost

    Line with rule(s) for connected node. Default: "/usr/sbin/iptables -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n"

    Example: grantedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n"

  • deniedhost

    Line with rule(s) for disconnected node. Default: "/usr/sbin/iptables -A FORWARD -s %i -m mac --mac-source %m -j REJECT\n"

    Example: deniedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j REJECT\n"

  • public_grantedhost

    Line with rule(s) for a connected node that has a public IP set. Defaults to the rule specified in the 'grantedhost' option.

    Example: public_grantedhost = "$IPT -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n$IPT -t nat -A PREROUTING -p tcp -d %ipub -j DNAT --to-destination %i\n$IPT -t nat -A POSTROUTING -s %i -j SNAT --to-source %ipub\n"

  • public_deniedhost

    Line with rule(s) for a disconnected node that has a public IP set. Defaults to the rule specified in the 'deniedhost' option.

    Example: public_deniedhost = ""

  • warnedhost

    Line with rule(s) for a node with the warnings flag set.

    Example: warnedhost = "$IPT -t nat -A PREROUTING -s %i -p tcp --dport 80 -j REDIRECT --to-port 82\n"

  • public_warnedhost

    Line with rule(s) for a node with the warnings flag set and a public IP set. Defaults to the rule specified in the 'warnedhost' option.

    Example: public_warnedhost = ""

  • public_replace

    Specifies whether rules for public addresses overwrite the main rules or are added to them. Default: enabled.

    Example: public_replace = false

  • warn_replace

    Specifies whether rules for nodes with warnings replace the main rules or are added to them. Default: disabled.

    Example: warn_replace = true

  • networks

    List of network names whose members should be included in the config (case insensitive). Default: empty (all networks).

    Example: networks = "lan1 lan2"

  • customergroups

    List of customer group names whose members should be included in the config (case insensitive). Default: empty (all groups).

    Example: customergroups = "group1 group2"

  • nodegroups

    List of node group names whose members should be included in the config (case insensitive). Default: empty (all groups).

    Example: nodegroups = "group1 group2"

  • excluded_networks

    List of network names whose members should be excluded from the config (case insensitive). Default: empty (none).

    Example: excluded_networks = "lan3 lan4"

  • excluded_customergroups

    List of customer group names whose members should be excluded from the config (case insensitive). Default: empty (none).

    Example: excluded_customergroups = "group1 group2"

  • excluded_nodegroups

    List of node group names whose members should be excluded from the config (case insensitive). Default: empty (none).

    Example: excluded_nodegroups = "group1 group2"

  • skip_dev_ips

    If enabled (yes, true), network devices (devices that do not belong to customers) are ignored (omitted). Default: yes

    Example: skip_dev_ips = no

  • skip_host_ips

    If enabled (yes, true), host IPs (customers' nodes) are ignored (omitted). Default: no

    Example: skip_host_ips = yes
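How the hostfile pass assembles its output from the options above (main rule by connection status, the public_* and warnedhost variants combined according to public_replace and warn_replace, host_begin/host_end around each host, network filters and the skip_* flags), shown as an added example. This is not lmsd's code; the node records and their field names are constructed, and the example covers only a subset of the replacement variables (%i, %ipub, %m, %n, %net).

```python
"""Added example (not lmsd code): how the 'hostfile' pass assembles its
output file from the rule options. Node records and option values are
constructed; the record field names are this example's own."""

# Option defaults as documented on the page. None means "fall back to the
# main rule", which is what the page states for the public_* options.
DEFAULTS = {
    "begin": "/usr/sbin/iptables -F FORWARD\n",
    "end": "/usr/sbin/iptables -A FORWARD -j REJECT\n",
    "host_begin": "", "host_end": "",
    "grantedhost": "/usr/sbin/iptables -A FORWARD -s %i -m mac --mac-source %m -j ACCEPT\n",
    "deniedhost": "/usr/sbin/iptables -A FORWARD -s %i -m mac --mac-source %m -j REJECT\n",
    "public_grantedhost": None, "public_deniedhost": None,
    "warnedhost": "", "public_warnedhost": None,
    "public_replace": True, "warn_replace": False,
    "networks": "", "excluded_networks": "",
    "skip_dev_ips": True, "skip_host_ips": False,
}

# Constructed hosts; owner None marks a network device (no customer).
NODES = [
    {"name": "pc1", "ip": "10.0.0.2", "ipub": "", "mac": "00:11:22:33:44:55",
     "net": "lan1", "connected": True, "warning": False, "owner": 1},
    {"name": "pc2", "ip": "10.0.0.3", "ipub": "", "mac": "00:11:22:33:44:66",
     "net": "lan1", "connected": False, "warning": False, "owner": 2},
    {"name": "srv", "ip": "10.0.0.4", "ipub": "203.0.113.10", "mac": "00:11:22:33:44:77",
     "net": "lan1", "connected": True, "warning": True, "owner": 3},
    {"name": "sw1", "ip": "10.0.0.254", "ipub": "", "mac": "00:11:22:33:44:88",
     "net": "lan1", "connected": True, "warning": False, "owner": None},
    {"name": "pc9", "ip": "10.0.1.2", "ipub": "", "mac": "00:11:22:33:44:99",
     "net": "lan2", "connected": True, "warning": False, "owner": 4},
]


def substitute(template, node):
    """Replace a subset of the page's %variables; longer names go first so
    that %ipub is not mangled by %i and %net is not mangled by %n."""
    values = {"%ipub": node["ipub"], "%net": node["net"], "%i": node["ip"],
              "%m": node["mac"], "%n": node["name"]}
    out = template
    for key in sorted(values, key=len, reverse=True):
        out = out.replace(key, values[key])
    return out


def rules_for(node, opt):
    """Main rule by connection status, then the public and warning variants
    applied per public_replace / warn_replace."""
    rule = opt["grantedhost"] if node["connected"] else opt["deniedhost"]
    if node["ipub"]:
        pub = opt["public_grantedhost"] if node["connected"] else opt["public_deniedhost"]
        if pub is not None:  # None: the main rule stays, as the page documents
            rule = pub if opt["public_replace"] else rule + pub
    if node["warning"] and opt["warnedhost"]:
        warn = opt["public_warnedhost"] if node["ipub"] else None
        if warn is None:
            warn = opt["warnedhost"]
        rule = warn if opt["warn_replace"] else rule + warn
    return rule


def selected(node, opt):
    """networks / excluded_networks (case insensitive) and the skip_* flags."""
    wanted = [n.lower() for n in opt["networks"].split()]
    banned = [n.lower() for n in opt["excluded_networks"].split()]
    net = node["net"].lower()
    if (wanted and net not in wanted) or net in banned:
        return False
    is_device = node["owner"] is None
    if is_device and opt["skip_dev_ips"]:
        return False
    if not is_device and opt["skip_host_ips"]:
        return False
    return True


def generate(nodes, **overrides):
    """Build the whole file: begin, one block per selected host, end."""
    opt = dict(DEFAULTS, **overrides)
    parts = [opt["begin"]]
    for node in nodes:
        if selected(node, opt):
            parts.append(substitute(opt["host_begin"] + rules_for(node, opt) + opt["host_end"], node))
    parts.append(opt["end"])
    return "".join(parts)


if __name__ == "__main__":
    print(generate(NODES, host_begin="#%n\n"))
```

With the defaults the switch sw1 is skipped (skip_dev_ips) and srv keeps its plain ACCEPT rule because no public_grantedhost is set. Once a public_grantedhost is given, public_replace decides whether srv's ACCEPT line disappears or is kept next to the NAT line, and a warnedhost rule is appended to it because warn_replace defaults to disabled.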

6.2.9. Traffic

6.2.9.1. Description

'Traffic' is an equivalent of the 'lms-traffic' Perl script, which loads internet link statistics into the database from a file created by the user. That file must have the format: host_IP upload download. More information (including how to make such a file) can be found in the chapter describing lms-traffic.

6.2.9.2. Configuration

There is only one available option, and it is mandatory:

  • file

    Location of the file with firewall statistics. Default: /var/log/traffic.log

    Example: file = /tmp/log

6.2.10. Tc (HTB)

6.2.10.1. Description

Generates a script containing iptables and tc rules for traffic control, i.e. bandwidth and customer connection limits. Rules for nodes can be freely defined and used not only for traffic control. The module works as follows. First, all customer data is retrieved. Totals of the limits (uprate, downrate, upceil, downceil, connection limit) are calculated for each customer. Then a loop runs over the customers, checking networks and groups (if specified). If the limit values are not zero, the rules are written to the file with variable replacement. The following variables can be used in rules: %name - host name, %i - IP address, %m - MAC, %if - network interface, %uprate, %downrate, %upceil, %downceil, %plimit, %climit, %i16 - hexadecimal representation of the IP's last octet, %o1, %o2, %o3, %o4 - the IP's octets, and %x - an integer counter with an initial value of 100, incremented by one for each node (or customer).

The default policy for creating HTB classes is one class for all nodes belonging to a customer. It can be changed with the 'one_class_per_host' option.

The default configuration assumes that your system supports HTB and iptables with the limit, connlimit, mark and ipp2p modules. You can patch the kernel or use the sources available at www.inet.one.pl (Polish project, site in Polish).

6.2.10.2. Configuration

There are basic options like customer groups, file, command and networks, and extra options which define the tc and firewall rules. The default config is designed for 512/128 kbit limits and 100 Mbit links.

  • file

    Location of file. Default: /etc/rc.d/rc.htb.

    Example: file = /tmp/rc.htb

  • command

    Shell command executed after file creation. Default: "sh /etc/rc.d/rc.htb start".

    Example: command = "chmod 700 /tmp/rc.htb; /tmp/rc.htb start"

  • begin

    Script header. Default:

    "#!/bin/sh
    IPT=/usr/sbin/iptables
    TC=/sbin/tc
    LAN=eth0
    WAN=eth1
    BURST="burst 30k"
    
    stop ()
    {
    $IPT -t mangle -D FORWARD -i $WAN -j LIMITS >/dev/null 2>&1
    $IPT -t mangle -D FORWARD -o $WAN -j LIMITS >/dev/null 2>&1
    $IPT -t mangle -F LIMITS >/dev/null 2>&1
    $IPT -t mangle -X LIMITS >/dev/null 2>&1
    $IPT -t mangle -F OUTPUT
    $IPT -t filter -F FORWARD
    $TC qdisc del dev $LAN root 2> /dev/null
    $TC qdisc del dev $WAN root 2> /dev/null
    }
    
    start ()
    {
    stop
    $IPT -t mangle -N LIMITS
    $IPT -t mangle -I FORWARD -i $WAN -j LIMITS
    $IPT -t mangle -I FORWARD -o $WAN -j LIMITS
    # incoming traffic
    $IPT -t mangle -A OUTPUT -j MARK --set-mark 1
    $TC qdisc add dev $LAN root handle 1:0 htb default 3 r2q 1
    $TC class add dev $LAN parent 1:0 classid 1:1 htb rate 99000kbit ceil 99000kbit quantum 1500
    $TC class add dev $LAN parent 1:1 classid 1:2 htb rate   500kbit ceil   500kbit
    $TC class add dev $LAN parent 1:1 classid 1:3 htb rate 98500kbit ceil 98500kbit prio 9 quantum 1500
    $TC qdisc add dev $LAN parent 1:3 esfq perturb 10 hash dst
    # priorities for ICMP, TOS 0x10 and ports 22 and 53
    $TC class add dev $LAN parent 1:2 classid 1:20 htb rate 50kbit ceil 500kbit $BURST prio 1 quantum 1500
    $TC qdisc add dev $LAN parent 1:20 esfq perturb 10 hash dst
    $TC filter add dev $LAN parent 1:0 protocol ip prio 2 u32 match ip sport 22 0xffff flowid 1:20
    $TC filter add dev $LAN parent 1:0 protocol ip prio 2 u32 match ip sport 53 0xffff flowid 1:20
    $TC filter add dev $LAN parent 1:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 1:20
    $TC filter add dev $LAN parent 1:0 protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:20
    # server -> LAN
    $TC filter add dev $LAN parent 1:0 protocol ip prio 4 handle 1 fw flowid 1:3
    
    # outgoing traffic
    $TC qdisc add dev $WAN root handle 2:0 htb default 11 r2q 1
    $TC class add dev $WAN parent 2:0 classid 2:1 htb rate 120kbit ceil 120kbit
    # priorities for ACK, ICMP, TOS 0x10, ports 22 and 53
    $TC class add dev $WAN parent 2:1 classid 2:10 htb rate 60kbit ceil 120kbit prio 1 quantum 1500
    $TC qdisc add dev $WAN parent 2:10 esfq perturb 10 hash dst
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 1 match u8 0x10 0xff at 33 flowid 2:10
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip dport 22 0xffff flowid 2:10
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip dport 53 0xffff flowid 2:10
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 2:10
    $TC filter add dev $WAN parent 2:0 protocol ip prio 1 u32 match ip protocol 1 0xff flowid 2:10
    # server -> Internet
    $TC class add dev $WAN parent 2:1 classid 2:11 htb rate 30kbit ceil 120kbit prio 2 quantum 1500
    $TC qdisc add dev $WAN parent 2:11 esfq perturb 10 hash dst
    $TC filter add dev $WAN parent 2:0 protocol ip prio 3 handle 1 fw flowid 2:11
    $TC filter add dev $WAN parent 2:0 protocol ip prio 9 u32 match ip dst 0/0 flowid 2:11

    Example: begin = "#!/bin/bash\nTC=/usr/local/sbin/tc\n"

  • end

    Script footer. Default:

    }
    
    case "$1" in
        'start')
         start
        ;;
        'stop')
         stop
        ;;
        'status')
         echo "WAN Interface"
         echo "============="
         $TC class show dev $WAN | grep root
         $TC class show dev $WAN | grep -v root | sort | nl
         echo "LAN Interface"
         echo "============="
         $TC class show dev $LAN | grep root
         $TC class show dev $LAN | grep -v root | sort | nl
        ;;
        *)
         echo -e "\nUsage: rc.htb start|stop|status"
        ;;
    esac

    Example: end = ""

  • one_class_per_host

    Specifies the HTB class creation policy. By default all computers of a customer are placed in one class. Setting it to 'true' causes the rules specified in host_htb_up and host_htb_down to be generated for every one of the customer's computers (with a different value of '%x'). The rules host_mark_down, host_mark_up, host_plimit and host_climit are generated for each node regardless of this setting. Default: false

    Example: one_class_per_host = 1

  • host_mark_up

    Mark rule for each computer. Default:

    # %n
    $IPT -t mangle -A LIMITS -s %i -j MARK --set-mark %x

    Example: host_mark_up = ""

  • host_mark_down

    Mark rule for traffic towards each computer (download direction). Default:

    $IPT -t mangle -A LIMITS -d %i -j MARK --set-mark %x

    Example: host_mark_down = ""

  • host_htb_down

    Rules for each computer, executed when the uprate and downrate values are above zero. Default:

    $TC class add dev $LAN parent 1:2 classid 1:%x htb rate %downratekbit ceil %downceilkbit $BURST prio 2 quantum 1500
    $TC qdisc add dev $LAN parent 1:%x esfq perturb 10 hash dst
    $TC filter add dev $LAN parent 1:0 protocol ip prio 5 handle %x fw flowid 1:%x

    Example: host_htb_down = ""

  • host_htb_up

    Rules for each computer, executed when the uprate and downrate values are above zero. Default:

    $TC class add dev $WAN parent 2:1 classid 2:%x htb rate %upratekbit ceil %upceilkbit $BURST prio 2 quantum 1500
    $TC qdisc add dev $WAN parent 2:%x esfq perturb 10 hash dst
    $TC filter add dev $WAN parent 2:0 protocol ip prio 5 handle %x fw flowid 2:%x

    Example: host_htb_up = ""

  • host_climit

    Rule limiting simultaneous TCP connections. Executed when the climit value is above zero. Default:

    $IPT -t filter -I FORWARD -p tcp -s %i -m connlimit --connlimit-above %climit -m ipp2p --ipp2p -j REJECT

    Example: host_climit = "$IPT -t filter -I FORWARD -p tcp -s %i -m connlimit --connlimit-above %climit -j REJECT"

  • host_plimit

    Rule limiting the number of packets per time unit (here: per second). Executed when the plimit value is above zero. Default:

    $IPT -t filter -I FORWARD -p tcp -d %i -m limit --limit %plimit/s -m ipp2p --ipp2p -j ACCEPT
    $IPT -t filter -I FORWARD -p tcp -s %i -m limit --limit %plimit/s -m ipp2p --ipp2p -j ACCEPT

    Example: host_plimit = ""

  • networks

    List of network names that should be included in configuration (case insensitive). Default: empty (all networks).

    Example: networks = "lan1 lan2"

  • customergroups

    List of customer groups that should be included in configuration (case insensitive). Default: empty (all groups).

    Example: customergroups = "group1 group2"
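The generation loop described in the introduction to this module (per-customer totals of the limits, the %x counter starting at 100, class rules written only when the limits are non-zero, mark/climit/plimit rules for every node, and the one_class_per_host policy), written out as an added example. This is not lmsd's code; the customer and node records are constructed, and the templates are the page's default rules shortened to one line each and stripped of the ipp2p match.

```python
"""Added example (not lmsd code): the rule-generation loop of the 'tc'
module. Customer and node data are constructed; the templates are the page's
default rules shortened to one line each."""

RULES = {
    "host_mark_up":   "$IPT -t mangle -A LIMITS -s %i -j MARK --set-mark %x\n",
    "host_mark_down": "$IPT -t mangle -A LIMITS -d %i -j MARK --set-mark %x\n",
    "host_htb_down":  "$TC class add dev $LAN parent 1:2 classid 1:%x htb rate %downratekbit ceil %downceilkbit\n",
    "host_htb_up":    "$TC class add dev $WAN parent 2:1 classid 2:%x htb rate %upratekbit ceil %upceilkbit\n",
    "host_climit":    "$IPT -t filter -I FORWARD -p tcp -s %i -m connlimit --connlimit-above %climit -j REJECT\n",
    "host_plimit":    "$IPT -t filter -I FORWARD -p tcp -s %i -m limit --limit %plimit/s -j ACCEPT\n",
}

LIMIT_KEYS = ("uprate", "downrate", "upceil", "downceil", "climit", "plimit")

# Constructed customers; each assignment carries its tariff limits (kbit/s,
# connections, packets/s). Customer 3 has two assignments whose limits add up.
CUSTOMERS = [
    {"id": 1, "nodes": [{"name": "pc1", "ip": "10.0.0.2"}, {"name": "pc2", "ip": "10.0.0.3"}],
     "assignments": [{"uprate": 128, "downrate": 512, "upceil": 256, "downceil": 1024,
                      "climit": 50, "plimit": 0}]},
    {"id": 2, "nodes": [{"name": "pc3", "ip": "10.0.0.4"}],
     "assignments": [{"uprate": 0, "downrate": 0, "upceil": 0, "downceil": 0,
                      "climit": 0, "plimit": 0}]},
    {"id": 3, "nodes": [{"name": "pc4", "ip": "10.0.0.5"}],
     "assignments": [{"uprate": 64, "downrate": 256, "upceil": 64, "downceil": 256,
                      "climit": 0, "plimit": 100},
                     {"uprate": 64, "downrate": 256, "upceil": 64, "downceil": 256,
                      "climit": 0, "plimit": 0}]},
]


def totals(customer):
    """Sum every limit over the customer's assignments, as the page describes."""
    return {k: sum(a[k] for a in customer["assignments"]) for k in LIMIT_KEYS}


def substitute(template, values):
    """Replace %name, %i, %x and the limit variables; longest names first."""
    out = template
    for key in sorted(values, key=len, reverse=True):
        out = out.replace("%" + key, str(values[key]))
    return out


def generate(customers, one_class_per_host=False, rules=RULES):
    """Emit the per-node rules. The %x counter starts at 100 and advances per
    customer, or per node with one_class_per_host (assumption: it advances
    even when a customer has no non-zero limits)."""
    out = []
    x = 100
    for c in customers:
        t = totals(c)
        for idx, node in enumerate(c["nodes"]):
            values = dict(t, name=node["name"], i=node["ip"], x=x)
            out.append(substitute(rules["host_mark_up"], values))
            out.append(substitute(rules["host_mark_down"], values))
            if t["climit"] > 0:
                out.append(substitute(rules["host_climit"], values))
            if t["plimit"] > 0:
                out.append(substitute(rules["host_plimit"], values))
            # class rules: once per customer by default, once per node otherwise
            if t["uprate"] > 0 and t["downrate"] > 0 and (one_class_per_host or idx == 0):
                out.append(substitute(rules["host_htb_down"], values))
                out.append(substitute(rules["host_htb_up"], values))
            if one_class_per_host:
                x += 1
        if not one_class_per_host:
            x += 1
    return "".join(out)


if __name__ == "__main__":
    print(generate(CUSTOMERS))
```

With the default policy pc1 and pc2 share class 1:100 (both are marked 100, the class rules appear once), customer 2 gets only mark rules because all his limits are zero, and customer 3's two assignments add up to a 512 kbit class. With one_class_per_host every node gets its own mark value and, when the limits are non-zero, its own class.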

6.2.11. Dns

6.2.11.1. Description

Configuration of named zones. This is one of the most complicated modules to set up. It creates zone files for each network and zone definition entries in named.conf on the basis of template files. Example templates are placed in the /modules/dns/sample directory.

6.2.11.2. Configuration

  • forward-patterns

    Directory with zone templates. Default: forward.

    Example: forward-patterns = /dns/patterns/forward

  • reverse-patterns

    Directory with reverse zone templates. Default: reverse.

    Example: reverse-patterns = /dns/patterns/revers

  • generic-forward

    Default template. Used when the directory specified by 'forward-patterns' doesn't contain a file named after the network's domain name. Default: modules/dns/sample/forward/generic.

    Example: generic-forward = /dns/patterns/forward

  • generic-reverse

    Default template. Used when the directory specified by 'reverse-patterns' doesn't contain a file named after the network's IP address. Default: modules/dns/sample/reverse/generic.

    Example: generic-reverse = /dns/patterns/reverse

  • forward-zones

    Directory for generated zone files. Default: modules/dns/sample/out/forward.

    Example: forward-zones = /dns/forward

  • reverse-zones

    Directory for generated reverse zone files. Default: modules/dns/sample/out/reverse.

    Example: reverse-zones = /dns/reverse

  • host-reverse

    Line in the reverse zone file for each computer of the given network. Default: "%c IN PTR %n.%d.\n".

    Example: host-reverse = "\t %c IN PTR %n.%d.\n"

  • host-forward

    Line in the zone file for each computer of the given network. Default: "%n IN A %i\n".

    Example: host-forward = "\t %n IN A %i\n"

  • conf-pattern

    Location of main template for server configuration file. Default: modules/dns/sample/named.conf.

    Example: conf-pattern = /dns/patterns/named.conf

  • conf-output

    Location of main configuration file. Default: /tmp/named.conf.

    Example: conf-output = /etc/named.conf

  • conf-forward-entry

    Entry for each zone in main configuration file. Default: 'zone "%n" {\ntype master;\n file "forward/%n"; \nnotify yes; \n}; \n'.

    Example: conf-forward-entry = 'zone "%n" { \n\ttype master; \n\tfile "forward/%n"; \n\tnotify yes; \n}; \n'

  • conf-reverse-entry

    Entry for each reverse zone in main configuration file. Default: 'zone "%c.in-addr.arpa" { \ntype master; \nfile "reverse/%i"; \nnotify yes; \n}; \n'.

    Example: conf-reverse-entry = 'zone "%c.in-addr.arpa" { \n\ttype master; \n\tfile "reverse/%i"; \n\tnotify yes; \n}; \n'

  • command

    Shell command executed after files creation. Default: empty.

    Example: command = "killall -HUP named"

  • networks

    List of network names that should be included in configuration (case insensitive). Default: empty (all networks).

    Example: networks = "lan1 lan2"

  • customergroups

    List of customer (user) groups that should be included in configuration (case insensitive). Default: empty (all groups).

    Example: customergroups = "group1 group2"

6.2.12. Ethers

6.2.12.1. Description

This module creates the configuration for the system ARP table. Setting the 'dummy_macs' option puts the MAC address 00:00:00:00:00:00 for all disconnected computers.

6.2.12.2. Configuration

Basic options:

  • file

    Location of output file. Default: /etc/ethers.

    Example: file = /tmp/ethers

  • command

    Shell command to execute after config file creation. Default: 'arp -f /etc/ethers'.

    Example: command = ""

  • dummy_macs

    If set to 'yes', disconnected computers get the MAC '00:00:00:00:00:00'. Default: "no".

    Example: dummy_macs = yes

  • networks

    List of network names that should be included in configuration (case insensitive). Default: empty (all networks).

    Example: networks = "lan1 lan2"

  • customergroups

    List of customer group names that should be included in the configuration (case insensitive). Default: empty (all groups).

    Example: customergroups = "group1 group2"

6.2.13. Oident

6.2.13.1. Description

Module for oidentd configuration. Basically the same file can be created with the 'hostfile' module, but here you have ready-made default settings for this purpose.

6.2.13.2. Configuration

The options of the 'oident' module are:

  • begin

    Text inserted at the beginning of the file. Default: empty.

    Example: begin = "#Auto-generated\n"

  • end

    Text inserted at the end of the file. Default: empty.

    Example: end = ""

  • host

    Line of text for each computer. Default: "%i\t%n\tUNIX".

    Example: host = "%i %n WINDOWS"

  • file

    Configuration file. Default: /etc/oidentd.conf.

    Example: file = /tmp/identd.conf

  • networks

    List of networks. Default: empty (all networks).

    Example: networks = 'lan1 lan2'

  • command

    Shell command(s) to execute after file creation. Default: empty.

    Example: command = "killall -HUP oidentd"

6.2.14. Pinger

6.2.14.1. Description

The pinger module is an equivalent of the lms-fping Perl script, but with some fundamental differences. It doesn't need an external program to check host availability and works using the ARP protocol, so it can scan the network about 2 times faster. There are also no problems with hosts that have ping responses disabled or firewalled. After scanning, the last-seen time is set in the database for all online hosts; it is used to illustrate host activity on the node list and the network map.

Note

Pinger uses interface names, so (e.g. if you are using the ip command) you'll need to label interfaces in your system (ip addr add ... label ...). Also remember not to use dots or dashes in interface names (ip allows that, but such a name is not usable by pinger).

6.2.14.2. Configuration

Pinger has only one config option:

  • networks

    List of network names. Default: empty (all networks).

    Example: networks = 'lan1 lan2'

6.2.15. Parser

6.2.15.1. Introduction

The parser module is based on the T-Script scripting language, whose primary purpose is to generate text files. It can be useful for processing templates with additional data retrieved from data sources like SQL databases or text files. In lmsd's module the script contents are stored in the database, so they can be edited via the LMS UI. In the future the parser should replace almost all lmsd modules.

The T-Script language is described in the section T-Script.

Before compilation, ensure that the bison (at least version 1.875) and flex packages are installed on your system.

6.2.15.2. Configuration

Parser has the following options:

  • script

    Contents of script. Default: empty.

    Example: script = '{var=1}variable var={var}'

  • file

    Location of output file. Default: empty.

    Example: file = /tmp/parser.out

  • command

    Shell command to execute after script compilation. Default: empty

    Example: command = "sh /tmp/parser.out"