Содержание

Service Management

Subscriber management is performed using the utility fdpi_ctrl.

We recommend using Named profiles, which will simplify service management.

Command Syntax

General command format:

fdpi_ctrl command --service service_id [IP_list] [LOGIN_list]

Command parameter breakdown:

Parameter Description, possible values, and format Note
command Values:
1. load — load data
2. del — delete. For --service, the service_id must be specified
3. list — show information for the specified IP_list or all information if the argument all is specified.
In the list and del commands, instead of an IP/LOGIN list, you can specify all, which applies the command to all.
service_id Numeric ID corresponding to a service from the list.
IP_list Values:
1. --file — file with IP list
2. --ip — single IP, format: 192.168.0.1
3. --ip_range — IP range (inclusive), format: 192.168.0.1-192.168.0.5
4. --cidr — IP with port, format: 192.168.0.0/30, 5.200.43.0/24~ (CIDR range with excluded boundary addresses)
The CIDR range can exclude boundary addresses (gateway and broadcast addresses under classless addressing) by adding the ~ symbol at the end of the CIDR definition, e.g., --cidr 5.200.43.0/24~.
LOGIN_list Values:
1. --file — file with login list
2. --login — single login, format: USER1, "FIRST_NAME LAST_NAME" (option to use login with escaped special characters)
"USER1" — example of using login in double quotes
'USER2' — example of using login in single quotes
A line starting with # is a comment.

List of Services

When enabling blocking services (4, 16, 49), only TCP traffic is blocked. To block UDP traffic as well, you need to enable the udp_block parameter.
ID Short Description Link to Detailed Description
1 Bonus program Description
2 Advertising Description
3 Ad blocking Description
4 Blacklist filtering Description
5 Whitelist and Captive Portal Description
6 HTTP redirect notification Description
7 Caching Description
8 Passed DDOS protection Description
9 RADIUS accounting / netflow statistics collection for billing Description
10 DDOS protection Description
11 CGNAT and NAT 1:1 Description
12 Traffic recording in PCAP Description
13 Mini Firewall Description
14 Traffic recording in PCAP Description
15 Special subscriber (all traffic goes to cs0, filtering service (4) is not applied to vChannel and general channel) Description
16 Whitelist and redirection to Captive Portal without internet access Description
17 Traffic mirroring to a specified VLAN Description
18 Session-based policing for certain protocols and traffic classification at channel and subscriber levels Description
19 DNS response substitution, future plans: redirect DNS queries to the provider's DNS server Description
49 IPv6 traffic blocking Description
50 Participant in a marketing campaign with notification via HTTP redirect Description
51 Reserved (internal service)
254 VRF Description

Examples

  1. Enable service:
    fdpi_ctrl load --service 9 --ip 192.168.0.1
    # or
    fdpi_ctrl load --service 9 --login USER1
  2. Disable service:
    fdpi_ctrl del --service 9 --ip 192.168.0.1
  3. Get list with the connected service:
    fdpi_ctrl list all --service 9
  4. Get information for a specific IP:
    fdpi_ctrl list --service 9 --ip 192.168.0.1
  5. When specifying the IP list, you can simultaneously specify several options: --file, --ip, --ip_range, --cidr:
    fdpi_ctrl list --service 9 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1

    The operation will apply to all specified elements where no error occurred.
    :!: If an error occurs, changes are not rolled back!

  6. Enabling services with named profiles:
    fdpi_ctrl load --service 4 --profile.name blocked --login Test

TCP and UDP Protocol Blocking Configuration

The parameter udp_block is responsible for blocking the UDP protocol. If the udp_block parameter is present in the DPI configuration file /etc/dpi/fastdpi.conf, both TCP and UDP will be blocked; if absent, only TCP will be blocked.

To start blocking UDP protocols (e.g., QUIC), add the udp_block parameter with a value of 2 or 3 (start blocking after two or three passed packets). These values are set because sometimes a large number of individual packets pass, which are not accounted for in the traffic but can put a heavy load on DPI.

udp_block=3

Adding the parameter does not require a DPI restart; a simple reload is sufficient:

service fastdpi reload