Section 1 - General Commands
ACL.MAN
ACL(1) XROUTER REFERENCE MANUAL 23/10/2023
COMMAND
ACL -- IP Access Control List commands
SYNOPSIS
AC[l] D[eny] <source> <destination> [protocol]
AC[l] L[og] [0-3]
AC[l] M[ove] <rule number> <U[p] | D[own]>
AC[l] P[ermit] <source> <destination> [protocol]
AC[l] R[emove] <rule number>
AC[l] V[iew]
DESCRIPTION
The ACL command allows XRouter's IP Access Control List to be viewed and edited on the fly without having to edit and reload IPROUTE.SYS.

The Access Control List specifies which IP addresses are allowed to send datagrams to, receive datagrams from, and route datagrams through XRouter's TCP/IP stack. It is a "packet filter", which operates on "rules". A DENY rule denies access to a specified destination from a specified source, whilst a PERMIT rule allows access. Both types of rule can work on single addresses or whole subnets.

Rules can be added using the ACL commands, either at the command line or in IPROUTE.SYS.

If the Access Control List contains no rules, the default action is "permit", i.e. no filtering is performed. This is unsatisfactory, but was necessary to maintain backward compatibility. If one or more rules are present, the default action is "deny", i.e. datagrams are ignored unless they match a "permit" rule. Rules are applied in the order in which they appear in the table.

There is currently no mechanism to save a modified ACL back to the IPROUTE.SYS file, as the ACL command is intended only for on-the-fly changes.

The syntax for each sub-command can be revealed by typing that sub-command without any arguments.
OPTIONS
Typing ACL without any arguments reveals the subcommands as follows:

  D[eny]    Add a "deny" rule to the TCP/IP filter list
  P[ermit]  Add a "permit" rule to the TCP/IP filter list
  M[ove]    Moves a rule up or down in the list
  R[emove]  Remove a TCP/IP filter rule
  V[iew]    View TCP/IP filter rules
  L[og]     Display/change ACL logging state

The PERMIT and DENY sub-commands APPEND filter rules to the IP Access Control List. The <source> and <destination> arguments each have the form:

  <ip_address>[/mask][:port]

<ip_address> is the source or destination IP address.

[mask] is an optional subnet mask, expressed EITHER as the number of bits (0-32) of the IP address to match from left to right, OR as a dotted quad.

[port] is an optional TCP or UDP port number. Omitting this or setting it to 0 implies "any port".

[protocol], if present, restricts the rule to a single protocol. This is the number of the higher level protocol carried in the IP datagram, for example TCP is 6 and UDP is 17. Omitting this field, or setting it to 0, implies "any protocol".

The combination 0.0.0.0/32 is a special case matching any of XRouter's IP addresses.

The VIEW subcommand displays all the rules. Each rule has a number, which can be used by the REMOVE subcommand.

The REMOVE subcommand removes a rule. After removal, the remaining rules are renumbered.

The LOG subcommand displays or sets the ACL logging level. The only levels so far defined are:

  Level  Actions
  -------------------------------------------
  0      No ACL logging
  1      Log denial events
  2      Display denial events on IDS window
  3      Log and display denial events

Typing ACL LOG without any arguments displays the current log level.

If ACL logging is enabled, ACL events go into the main daily log. Be aware that in some cases this might generate a lot of logging, and in other cases virtually nothing. It depends on how strict your rules are, what your IP routing table is like, how open your system is to the outside world, and how much it is attacked.

Logging defaults off, but the ACL LOG command may be used in IPROUTE.SYS to set it on at bootup if desired.
EXAMPLES
Allow LAN sources to access any destination:

  acl permit 192.168.0.0/16 0.0.0.0/0

Allow XRouter to access any destination:

  acl permit 0.0.0.0/32 0.0.0.0/0

Prevent non-LAN sources from accessing our TCP port 513:

  acl deny 0.0.0.0/0 192.168.0.245:513 6
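The following is an added Python model of the rule semantics described above, not XRouter's own code: it parses the <ip_address>[/mask][:port] endpoint form, treats 0.0.0.0/32 as "any of XRouter's own addresses", permits everything while the list is empty, denies anything unmatched once a rule exists, and evaluates rules in table order with the first match deciding (first-match is assumed from "rules are applied in the order in which they appear"). LOCAL_ADDRS and the helper names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed for this example: the addresses XRouter itself owns (what 0.0.0.0/32 matches).
LOCAL_ADDRS = {ipaddress.ip_address("192.168.0.245"), ipaddress.ip_address("44.131.1.1")}

@dataclass
class Endpoint:
    net: "ipaddress.IPv4Network | None"  # None means "any of XRouter's own addresses"
    port: int = 0                        # 0 means any port

@dataclass
class Rule:
    action: str      # "permit" or "deny"
    src: Endpoint
    dst: Endpoint
    proto: int = 0   # 0 = any protocol, else the IP protocol number (6 = TCP, 17 = UDP)

def parse_endpoint(text: str) -> Endpoint:
    """Parse <ip_address>[/mask][:port]; mask is a bit count (0-32) or a dotted quad."""
    text, _, port_s = text.partition(":")
    port = int(port_s or 0)               # no port given: any port
    addr, _, mask = text.partition("/")
    mask = mask or "32"                   # no mask given: match the single address
    if addr == "0.0.0.0" and mask in ("32", "255.255.255.255"):
        return Endpoint(None, port)
    return Endpoint(ipaddress.IPv4Network(f"{addr}/{mask}", strict=False), port)

def add_rule(acl: list, line: str) -> None:
    """APPEND a rule given in ACL command syntax, e.g. 'acl deny 0.0.0.0/0 192.168.0.245:513 6'."""
    words = line.split()
    if words[0].lower().startswith("ac"):  # tolerate the leading AC[l] keyword
        words = words[1:]
    action = {"d": "deny", "p": "permit"}[words[0][0].lower()]
    proto = int(words[3]) if len(words) > 3 else 0
    acl.append(Rule(action, parse_endpoint(words[1]), parse_endpoint(words[2]), proto))

def _match(ep: Endpoint, addr: ipaddress.IPv4Address, port: int) -> bool:
    in_net = addr in LOCAL_ADDRS if ep.net is None else addr in ep.net
    return in_net and ep.port in (0, port)

def evaluate(acl: list, src: str, sport: int, dst: str, dport: int, proto: int) -> str:
    """Empty list: permit. Otherwise first matching rule in table order decides; no match: deny."""
    if not acl:
        return "permit"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if rule.proto in (0, proto) and _match(rule.src, s, sport) and _match(rule.dst, d, dport):
            return rule.action
    return "deny"
```

With the three EXAMPLES rules loaded in that order, a LAN host reaching TCP port 513 is permitted by rule 1 before the deny rule is consulted; swapping the order (as ACL MOVE would) makes the deny rule win for that datagram.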
AVAILABILITY
The ACL command is only available to sysops.
SEE ALSO
IPROUTE.SYS(8) -- IP Routing File.
IDS(9) -- Intrusion Detection System.
ACCESS.SYS(8) -- Telnet Access Control File.
AXSCTRL(9) -- TCP/IP Access Control.
ACL(1) END OF DOCUMENT
AMSG.MAN
AMSG(1) XROUTER REFERENCE MANUAL 19/10/2023
COMMAND
AMSG -- Enter APRS Messaging mode.
SYNOPSIS
AM[sg] <portnum>
DESCRIPTION
The AMSG command switches the user's session into APRS messaging mode, enabling him to exchange messages and bulletins with APRS and UI-View users. The <portnum> argument specifies the radio port upon which traffic will be sent and received, e.g. "AM 13" will use port 13.

Within messaging mode, all commands begin with a forward slash (/), and anything else is treated as message text for transmission. The commands are as follows:

  /A[nnouncements]     Show announcements
  /B[ulletins]         Show bulletins
  /C[ancel] [#]        List / cancel unacked message(s)
  /D[irects]           Show directly heard stations
  /H[elp] [cmd]        Display command help
  /Monitor [on|off]    Query / set traffic Monitor mode
  /Q[uit]              Quit (exit)
  /T[arget] [call]     Query / set target for msg
  /U[iview] [on|off]   Query / set UI-View mode
  /V[ia] [digis]       Query / set digipeater path
  /X                   Exit

Only the first letter of each command needs to be supplied. A few are worthy of further explanation....

The /D command shows a list of all the stations heard directly, i.e. not via digipeaters or 3rd party networks.

Before any type of message or query can be sent, the user must specify a "target" address, using "/T [call]". For messages, the target is a callsign. For bulletins the target should be BLN#*, where "#" represents a single digit, and "*" represents the bulletin category of up to 5 characters. Announcements use the same format as bulletins, except that "#" represents a non-digit. Attempting to send a message without first defining a target will result in an error response. The target remains in force until a new target is specified. The current target can be displayed by entering "/T" alone, or cleared by entering an invalid target, e.g. "/T .".

Outgoing messages and bulletins are re-transmitted at intervals until either an acknowledgement is received, or too many retries have taken place. Bulletins are re-transmitted every 20 minutes for 4 hours, whilst announcements are re-transmitted every hour for 4 days. Messages are initially re-transmitted after 10 seconds, then the interval doubles with each re-send. When the interval exceeds approximately 1.5 hours, the message is expired and re-transmission ceases. The "cancel" command allows the re-transmission of outgoing messages and bulletins to be cancelled at any time before expiry.

The /M (Monitor) command allows other APRS and UI-View message traffic on the channel to be watched. The default is "off". Entering /M by itself shows the current state.

The /U (UI-View mode) command sets the type of outgoing message to be used. The default is "off", which means that all outgoing messages will be in APRS format. If turned "on", outgoing messages will be in "UI-View" format. In either mode, both types of message can be received. UI-View messages will display with a tilde (~) between the message and its ID, whereas APRS-format messages will display with a curly opening bracket ({) if a message ID was supplied. In UI-View mode, "\<decimal>" will send a UIVIEW message whose text portion contains a single byte of value <decimal>, e.g. "\254" sends a PING request.

/Q (quit) and /X (exit) are identical in function, exiting message mode and returning the user to XRouter's main command prompt.

The /V (via) command sets the digipeater path for outgoing messages, or if used by itself displays the currently set path. The path defaults to the port APRSPATH specified in XROUTER.CFG. In APRS mode, the destination call is fixed at APZ###, where ### is the 3 digit XRouter version number, whereas in UI-View mode the destination call is set by the /Target command.

The /H (help) command is used to display help for the messaging commands. If no argument is supplied, a very brief (low bandwidth) command summary is displayed. If the help files are installed, "/H *" will list the help available, and "/H <cmd>" can be used to obtain more detailed help for <cmd>, e.g. "/H /V". Note that the leading slash of the argument is ignored, so "/H V" is equally valid.
NOTES
If XRouter receives an APRS message whose target address is a user currently logged into the APRS messaging shell, the message is delivered to the user and, if there was a message ID, an acknowledgement is sent. Each re-send of the message is acknowledged, because a re-send probably indicates that the sender didn't receive the previous ack. If the same message is received twice within 30 seconds, the second copy is ignored. This helps to eliminate duplicates received via different digipeater routes.

Expired messages are retained for 1 day before being deleted. During this interval they will be reactivated if a "?APRSM" query is received from the target station. Outgoing bulletins and announcements are not retained after expiry. Incoming bulletins are retained for 4 hours after last received, and incoming announcements are retained for 4 days after last received.

The APRS spec limits the maximum message length to 67 characters. Because a message ID of up to 6 characters is appended to the message, XRouter splits messages longer than 61 characters into separate messages no longer than 61 characters (excluding ID) each.

All APRS facilities are an ongoing experiment and may be liable to change as development continues. The so-called "APRS Protocol Reference" is rather fuzzy in places!
AVAILABILITY
All users, but guests can't send messages.
AMSG(1) END OF DOCUMENT
packet/xrpi/manpages/section1.1745054641.txt.gz · Last modified: 2025/04/19 09:24 by m0mzf