Содержание
Service Management
Subscriber management is performed using the utility fdpi_ctrl.
We recommend using Named profiles, which will simplify service management.
Command Syntax
General command format:
fdpi_ctrl command --service service_id [IP_list] [LOGIN_list]
Command parameter breakdown:
| Parameter | Description, possible values, and format | Note |
|---|---|---|
command | Values: 1. load — load data2. del — delete. For --service, the service_id must be specified3. list — show information for the specified IP_list or all information if the argument all is specified. | In the list and del commands, instead of an IP/LOGIN list, you can specify all, which applies the command to all. |
service_id | Numeric ID corresponding to a service from the list. | |
IP_list | Values: 1. --file — file with IP list2. --ip — single IP, format: 192.168.0.13. --ip_range — IP range (inclusive), format: 192.168.0.1-192.168.0.54. --cidr — IP with port, format: 192.168.0.0/30, 5.200.43.0/24~ (CIDR range with excluded boundary addresses) | The CIDR range can exclude boundary addresses (gateway and broadcast addresses under classless addressing) by adding the ~ symbol at the end of the CIDR definition, e.g., --cidr 5.200.43.0/24~. |
LOGIN_list | Values: 1. --file — file with login list2. --login — single login, format: USER1, "FIRST_NAME LAST_NAME" (option to use login with escaped special characters) | "USER1" — example of using login in double quotes 'USER2' — example of using login in single quotes |
A line starting with
# is a comment.
List of Services
When enabling blocking services (4, 16, 49), only TCP traffic is blocked. To block UDP traffic as well, you need to enable the
udp_block parameter.
| ID | Short Description | Link to Detailed Description |
|---|---|---|
| 1 | Bonus program | Description |
| 2 | Advertising | Description |
| 3 | Ad blocking | Description |
| 4 | Blacklist filtering | Description |
| 5 | Whitelist and Captive Portal | Description |
| 6 | HTTP redirect notification | Description |
| 7 | Caching | Description |
| 8 | Passed DDOS protection | Description |
| 9 | RADIUS accounting / netflow statistics collection for billing | Description |
| 10 | DDOS protection | Description |
| 11 | CGNAT and NAT 1:1 | Description |
| 12 | Traffic recording in PCAP | Description |
| 13 | Mini Firewall | Description |
| 14 | Traffic recording in PCAP | Description |
| 15 | Special subscriber (all traffic goes to cs0, filtering service (4) is not applied to vChannel and general channel) | Description |
| 16 | Whitelist and redirection to Captive Portal without internet access | Description |
| 17 | Traffic mirroring to a specified VLAN | Description |
| 18 | Session-based policing for certain protocols and traffic classification at channel and subscriber levels | Description |
| 19 | DNS response substitution, future plans: redirect DNS queries to the provider's DNS server | Description |
| 49 | IPv6 traffic blocking | Description |
| 50 | Participant in a marketing campaign with notification via HTTP redirect | Description |
| 51 | Reserved (internal service) | |
| 254 | VRF | Description |
Examples
- Enable service:
fdpi_ctrl load --service 9 --ip 192.168.0.1 # or fdpi_ctrl load --service 9 --login USER1
- Disable service:
fdpi_ctrl del --service 9 --ip 192.168.0.1
- Get list with the connected service:
fdpi_ctrl list all --service 9
- Get information for a specific IP:
fdpi_ctrl list --service 9 --ip 192.168.0.1
- When specifying the IP list, you can simultaneously specify several options:
--file,--ip,--ip_range,--cidr:fdpi_ctrl list --service 9 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1
The operation will apply to all specified elements where no error occurred.
If an error occurs, changes are not rolled back!
- Enabling services with named profiles:
fdpi_ctrl load --service 4 --profile.name blocked --login Test
TCP and UDP Protocol Blocking Configuration
The parameter udp_block is responsible for blocking the UDP protocol. If the udp_block parameter is present in the DPI configuration file /etc/dpi/fastdpi.conf, both TCP and UDP will be blocked; if absent, only TCP will be blocked.
To start blocking UDP protocols (e.g., QUIC), add the udp_block parameter with a value of 2 or 3 (start blocking after two or three passed packets). These values are set because sometimes a large number of individual packets pass, which are not accounted for in the traffic but can put a heavy load on DPI.
udp_block=3
Adding the parameter does not require a DPI restart; a simple reload is sufficient:
service fastdpi reload