DESCRIPTION
upsd uses this file to control access to the server and set some other
miscellaneous configuration values. This file contains details on
access controls, so keep it secure. Ideally, only the upsd process
should be able to read it.
ACCESS CONTROL CONFIGURATION
ACL name netblock
Define an Access Control List (ACL) called name that contains
the network netblock. The netblock can be either the old style,
such as this for a traditional "class C":
ACL mynet 192.168.50.0/255.255.255.0 (IPv4)
Or, you can use new-style "CIDR format" (which is mandatory when
IPv6 addresses are used):
ACL mynet 192.168.50.0/24 (IPv4)
ACL mynet 2001:0db8:1234::/48 (IPv6)
To just list one host, it would look like one of these:
ACL mybox 192.168.50.1/255.255.255.255 (IPv4)
ACL mybox 192.168.50.1/32 (IPv4)
ACL mybox 2001:0db8:1234:08d3::0370:7344/128 (IPv6)
ACLs are used whenever you need to refer to a network or host,
such as in ACCEPT/REJECT definitions (below) and with
"allowfrom" in upsd.users(5).
ACCEPT aclname [aclname...]
ACCEPT let clients on the hosts or networks defined by aclname
connect to upsd. You may specify multiple ACL names on the
ACCEPT line, and you may have multiple ACCEPT lines.
ACCEPT localhost mybox
ACCEPT otherbox
REJECT aclname [aclname...]
Like ACCEPT, but it denies access instead. upsd will close the
connection without reading any data from the network.
with an "allowfrom" in upsd.users(8).
"workstation" draws from the same UPS as "bigserver", but has to moni-
tor it over the network. It runs upsmon in slave mode. It is also
referenced with an "allowfrom" in upsd.users(8).
"webserver" doesn't get power from this UPS at all, but it runs the CGI
programs so it can make nice status displays.
An abuser's host is explicitly denied.
Everything else is rejected.
ACL bigserver 10.20.30.1/32
ACL workstation 10.20.30.2/32
ACL webserver 10.20.30.3/32
ACL abuser 192.168.255.128/32
ACL all 0.0.0.0/0
ACCEPT bigserver workstation webserver
REJECT abuser
REJECT all
ACCESS CONTROL MATCHING
ACCEPT and REJECT directives are checked in the order they occur in
this file. The first ACL which matches a client causes the action to
be taken. If you need to ACCEPT one host and REJECT the rest of a net-
work, first list the host, then list the network on a line below it.
ACCEPT goodhost
REJECT badnet
Any IP address which does not match one of your directives will default
to REJECT. This is intended to keep your system safe if you forget to
put "REJECT all" at the bottom.
If you really want the whole world to have access to upsd, you can do
"ACCEPT all", but that is not recommended.
OTHER CONFIGURATION DIRECTIVES
MAXAGE seconds
upsd usually allows a driver to stop responding for up to 15
seconds before declaring the data "stale". If your driver takes
a very long time to process updates but is otherwise opera-
tional, you can use MAXAGE to make upsd wait longer.
be subverted on many systems.
Listen on TCP port port instead of the default value which was
compiled into the code. This overrides any value you may have
set with 'configure --with-port'. If you don't change it with
configure or this value, upsd will listen on port 3493 for this
interface.
Multiple LISTEN addresses may be specified. The default is to
bind to 0.0.0.0 if no LISTEN addresses are specified.
LISTEN 127.0.0.1
LISTEN 192.168.50.1
LISTEN ::1
LISTEN 2001:0db8:1234:08d3:1319:8a2e:0370:7344
This parameter will only be read at startup. You'll need to restart
(rather than reload) upsd to apply any changes made here.
SEE ALSO
upsd(8), nutupsdrv(8), upsd.users(5)
Internet resources:
The NUT (Network UPS Tools) home page: http://www.networkupstools.org/
Mon Jan 22 2007 UPSD.CONF(5)
Man(1) output converted with
man2html