Global - bwmtools

3.1 The `<global>` section

This section contains global tags pertaining to either the operation of BWM Tools or definitions used in other sections. These tags are detailed below...

Module management in the <modules> section

This section is used to load modules when bwmd starts. The syntax to load a module is as follows...
```
          	<load name="kernel_module_name" />
     
```
The <load /> tag takes the following parameters...
- name="..." - This is the name of the module to load
- params="..." - Parameters to load module with
Here is how it can be used to load the ip_queue kernel module required by bwmd for shaping. Including ftp connection tracking to allow users to ftp through a tightly secured firewall.
```
          <firewall>
              <global>
                  <modules>
                      <load name="ip_queue"/>
                      <load name="ip_nat_ftp"/>
                      <load name="ip_conntrack_ftp"/>
                  </modules>
              </global>
          .
          .
          .
          </firewall>
     
```
Class definition in the <class> section

This section is used to define classes used in both firewalling and network address translation. The basic syntax is as follows...
```
              <class name="traffic_from_support">
                  <address name="pete_in" src="192.168.0.100" />
              </class>
     
```
The <class> tag has got no other options apart from name.

The <address /> tag on the other hand has the following options...
- name="..." - This is a descriptive name for the address, isn't really used anywhere
- cmd-line="..." - Optional command line arguments for iptables, for example cmd-line="-m helper --helper <string>"
- dst="..." - Optional destination IP address
- dst-iface="..." - Optional destination interface
- dst-port="..." - Optional destination port
- proto="..." - Optional protocol specification, any valid protocol in /etc/protocols
- src="..." - Optional source IP address
- src-iface="..." - Optional source interface
- src-port="..." - Optional source port
Here is an example how it can be used to match connections over a specific number...
```
          <firewall>
              <global>
              .
              .
              .
                  <class name="excess_connections_to_webserver">
                      <address name="excess_to_server1" dst="192.168.0.100" proto="tcp" dst-port="80" cmd-line="-m connlimit --connlimit-above 10"/>
                  </class>
              </global>
          .
          .
          .
          </firewall>
     
```

3.1 The <global> section

3.1 The `<global>` section