unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Debian-5.0)
Page:
Section:
Apropos / Subsearch:
optional field

UPSD.CONF(5)                Network UPS Tools (NUT)               UPSD.CONF(5)



NAME
       upsd.conf - Configuration for Network UPS Tools upsd


DESCRIPTION
       upsd  uses this file to control access to the server and set some other
       miscellaneous configuration values.   This  file  contains  details  on
       access  controls,  so  keep  it secure.  Ideally, only the upsd process
       should be able to read it.


ACCESS CONTROL CONFIGURATION
       ACL name netblock

              Define an Access Control List (ACL) called  name  that  contains
              the network netblock.  The netblock can be either the old style,
              such as this for a traditional "class C":

                   ACL mynet 192.168.50.0/255.255.255.0 (IPv4)

              Or, you can use new-style "CIDR format" (which is mandatory when
              IPv6 addresses are used):

                   ACL mynet 192.168.50.0/24 (IPv4)

                   ACL mynet 2001:0db8:1234::/48 (IPv6)

              To just list one host, it would look like one of these:

                   ACL mybox 192.168.50.1/255.255.255.255 (IPv4)

                   ACL mybox 192.168.50.1/32 (IPv4)

                   ACL mybox 2001:0db8:1234:08d3::0370:7344/128 (IPv6)

              ACLs  are  used whenever you need to refer to a network or host,
              such  as  in  ACCEPT/REJECT   definitions   (below)   and   with
              "allowfrom" in upsd.users(5).


       ACCEPT aclname [aclname...]

              ACCEPT  let  clients on the hosts or networks defined by aclname
              connect to upsd.  You may specify  multiple  ACL  names  on  the
              ACCEPT line, and you may have multiple ACCEPT lines.

                   ACCEPT localhost mybox

                   ACCEPT otherbox


       REJECT aclname [aclname...]

              Like  ACCEPT, but it denies access instead.  upsd will close the
              connection without reading any data from the network.

              Note: you should still use firewall rules if  your  system  pro-
              vides them.  That provides another level of coverage.

                   REJECT badbox

                   REJECT all


ACCESS CONTROL EXAMPLES
       Here is an example configuration to show some of what is possible.

       "bigserver"  has  a UPS attached to a serial port.  It runs the driver,
       upsd, and upsmon in master mode.  This definition  is  also  referenced
       with an "allowfrom" in upsd.users(8).

       "workstation"  draws from the same UPS as "bigserver", but has to moni-
       tor it over the network.  It runs upsmon in slave mode.    It  is  also
       referenced with an "allowfrom" in upsd.users(8).

       "webserver" doesn't get power from this UPS at all, but it runs the CGI
       programs so it can make nice status displays.

       An abuser's host is explicitly denied.

       Everything else is rejected.


                   ACL bigserver 10.20.30.1/32
                   ACL workstation 10.20.30.2/32
                   ACL webserver 10.20.30.3/32
                   ACL abuser 192.168.255.128/32
                   ACL all 0.0.0.0/0

                   ACCEPT bigserver workstation webserver
                   REJECT abuser
                   REJECT all

ACCESS CONTROL MATCHING
       ACCEPT and REJECT directives are checked in the  order  they  occur  in
       this  file.   The first ACL which matches a client causes the action to
       be taken.  If you need to ACCEPT one host and REJECT the rest of a net-
       work, first list the host, then list the network on a line below it.

            ACCEPT goodhost

            REJECT badnet

       Any IP address which does not match one of your directives will default
       to REJECT.  This is intended to keep your system safe if you forget  to
       put "REJECT all" at the bottom.

       If  you  really want the whole world to have access to upsd, you can do
       "ACCEPT all", but that is not recommended.


OTHER CONFIGURATION DIRECTIVES
       MAXAGE seconds

              upsd usually allows a driver to stop responding  for  up  to  15
              seconds before declaring the data "stale".  If your driver takes
              a very long time to process  updates  but  is  otherwise  opera-
              tional, you can use MAXAGE to make upsd wait longer.

              Most users should leave this at the default value.


       STATEPATH path

              Tell  upsd  to  look for the driver state sockets in path rather
              than the default that was compiled into the program.


       LISTEN interface port

              Bind a listening port to the interface specified by its Internet
              address.   This may be useful on hosts with multiple interfaces.
              You should not rely exclusively on this for security, as it  can
              be subverted on many systems.

              Listen  on  TCP port port instead of the default value which was
              compiled into the code.  This overrides any value you  may  have
              set  with  'configure --with-port'.  If you don't change it with
              configure or this value, upsd will listen on port 3493 for  this
              interface.

              Multiple  LISTEN  addresses may be specified.  The default is to
              bind to 0.0.0.0 if no LISTEN addresses are specified.


                   LISTEN 127.0.0.1
                   LISTEN 192.168.50.1
                   LISTEN ::1
                   LISTEN 2001:0db8:1234:08d3:1319:8a2e:0370:7344

       This parameter will only be read at startup.  You'll  need  to  restart
       (rather than reload) upsd to apply any changes made here.


SEE ALSO
       upsd(8), nutupsdrv(8), upsd.users(5)


   Internet resources:
       The NUT (Network UPS Tools) home page: http://www.networkupstools.org/



                                Mon Jan 22 2007                   UPSD.CONF(5)