Subscriber management is performed using the utility fdpi_ctrl
.
General command format:
fdpi_ctrl command --service service_id [IP_list] [LOGIN_list]
Command parameter breakdown:
Parameter | Description, possible values, and format | Note |
---|---|---|
command | Values: 1. load — load data2. del — delete. For --service , the service_id must be specified3. list — show information for the specified IP_list or all information if the argument all is specified. | In the list and del commands, instead of an IP/LOGIN list, you can specify all , which applies the command to all. |
service_id | Numeric ID corresponding to a service from the list. | |
IP_list | Values: 1. --file — file with IP list2. --ip — single IP, format: 192.168.0.1 3. --ip_range — IP range (inclusive), format: 192.168.0.1-192.168.0.5 4. --cidr — IP with port, format: 192.168.0.0/30, 5.200.43.0/24~ (CIDR range with excluded boundary addresses) | The CIDR range can exclude boundary addresses (gateway and broadcast addresses under classless addressing) by adding the ~ symbol at the end of the CIDR definition, e.g., --cidr 5.200.43.0/24~ . |
LOGIN_list | Values: 1. --file — file with login list2. --login — single login, format: USER1, "FIRST_NAME LAST_NAME" (option to use login with escaped special characters) | "USER1" — example of using login in double quotes 'USER2' — example of using login in single quotes |
#
is a comment.
udp_block
parameter.
ID | Short Description | Link to Detailed Description |
---|---|---|
1 | Bonus program | Description |
2 | Advertising | Description |
3 | Ad blocking | Description |
4 | Blacklist filtering | Description |
5 | Whitelist and Captive Portal | Description |
6 | HTTP redirect notification | Description |
7 | Caching | Description |
8 | Passed DDOS protection | Description |
9 | RADIUS accounting / netflow statistics collection for billing | Description |
10 | DDOS protection | Description |
11 | CGNAT and NAT 1:1 | Description |
12 | Traffic recording in PCAP | Description |
13 | Mini Firewall | Description |
14 | Traffic recording in PCAP | Description |
15 | Special subscriber (all traffic goes to cs0, filtering service (4) is not applied to vChannel and general channel) | Description |
16 | Whitelist and redirection to Captive Portal without internet access | Description |
17 | Traffic mirroring to a specified VLAN | Description |
18 | Session-based policing for certain protocols and traffic classification at channel and subscriber levels | Description |
19 | DNS response substitution, future plans: redirect DNS queries to the provider's DNS server | Description |
49 | IPv6 traffic blocking | Description |
50 | Participant in a marketing campaign with notification via HTTP redirect | Description |
51 | Reserved (internal service) | |
254 | VRF | Description |
fdpi_ctrl load --service 9 --ip 192.168.0.1 # or fdpi_ctrl load --service 9 --login USER1
fdpi_ctrl del --service 9 --ip 192.168.0.1
fdpi_ctrl list all --service 9
fdpi_ctrl list --service 9 --ip 192.168.0.1
--file
, --ip
, --ip_range
, --cidr
: fdpi_ctrl list --service 9 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1
The operation will apply to all specified elements where no error occurred.
If an error occurs, changes are not rolled back!
fdpi_ctrl load --service 4 --profile.name blocked --login Test
The parameter udp_block
is responsible for blocking the UDP protocol. If the udp_block
parameter is present in the DPI configuration file /etc/dpi/fastdpi.conf
, both TCP and UDP will be blocked; if absent, only TCP will be blocked.
To start blocking UDP protocols (e.g., QUIC), add the udp_block
parameter with a value of 2 or 3 (start blocking after two or three passed packets). These values are set because sometimes a large number of individual packets pass, which are not accounted for in the traffic but can put a heavy load on DPI.
udp_block=3
Adding the parameter does not require a DPI restart; a simple reload is sufficient:
service fastdpi reload