+scripting to provide the Hourglass User Interface on the selected
+port.
+
+NOTE: The Hourglass Web Service requires a front-end HTTP server.
+
+== APPENDIX
+
+=== Hourglass Deployment Variables
+
+This is an enumeration of all Hourglass deployment variables as
+provided with the sample +hourglass.conf+. The configuration file may
+also include comments, which are lines starting with semi-colon (;) or
+hash (#) to end of line, and blank lines.
+
+.listener variables
+****
+These variables are predominantly used by the Hourglass listener
+daemon.
+
+listener.net = 192.168.123:: is the first three quads of the IP
+address to use for the "listener network", with a final component
+being +1+ for the host and +2+ for the listener daemon. The listener
+daemon acts as a virtual host and is set up vie +setup.sh+ to receive
+copies of some network packets for the purpose of measuring activity.
+
+listener.ports = 80 443:: is the port numbers of concern, separated by
+whitespace or comma, towards activity detection. Only packets to these
+ports will be considered.
+
+listener.activity.dir = activity :: is the directory in which the
+activity files are stored. The Hourglass listener daemon operates
+continuously and populates one measure per day with a full sequence of
+(roughly) per-minute packet count measures.
+
+listener.tap = hourglass:: is the name to use for the network tap that
+is set up to be the interface for the virtual listener host.
+****
+
+.control bot variables
+****
+These variables are predominantly used by the Hourglass policy bot.
+
+control.action = ipset-control.lsp:: is the name of the control action
+script to use. Currently only +ipset-control.lsp+ is available.
+
+control.dat = control.dat:: is the pathname for the policy file. The
+content is a newlisp format expression; a list with sublists to
+represent the desired control policy. It is typically generated by the
+Hourglass web service and then used by the Hourglass control bot.
+
+control.net = 10.0.0.0/8:: is the IP/bits code of the network to be
+controlled.
+
+control.extra.dat = control-extra.dat:: is the pathname for the ad-hoc
+time override. This is a pair of numbers that define an overriding
+"network open" time period of that many hours and minutes starting at
+the modification time of the file itself
+
+control.usage.dat = usage.dat:: the filename to use for the usage
+state. This is a newlisp expression of the current hours and minutes
+of usage. The file is generated by the Hourglass policy bot to be used
+and displayed via the Hourglass web service.
+
+control.usage.tmp = usage.tmp:: is the temporary filename to use for
+the usage state update. The state update is written to this file which
+then is renamed as per +control.usage.dat+; this process avoids the
+risk of the Hourglass web service accessing an incompletely written
+file.
+
+control.activity.gap = 10:: is how many minutes of low activity is
+needed for identifying an idle period.
+
+control.activity.clip = 1000:: is the count measure limit for low
+activity.
+****
+
+----
+; control.dat example
+; Updated at Sun Aug 8 22:53:01 2021
+((1 timed (5 30) (2 0) (20 0))
+ (2 timed (7 30) (1 0) (20 0))
+ (3 timed (7 30) (1 0) (20 0))
+ (4 timed (7 30) (1 0) (20 0))
+ (5 timed (7 30) (3 0) (22 0))
+ (6 timed (7 30) (1 0) (20 0))
+ (7 timed (7 30) (1 0) (20 0))
+ )
+----
+
+.ipset control action variables
+****
+These variables are used by the +ipset-control.lsp+ control action
+script to translate the desire of open/closed network into control
+actions of adding/removing the +control.net+ network to/from the
++ipset+ set that is set up via +setup.sh+ to constitute a blocking
++iptables+ rule for network traffic.
+
+ipset.bin = /sbin/ipset:: is the pathname for the +ipset+ binary.
+
+ipset.table = TIMO:: is the name of the ipset set.
+****
+
+.web service variables
+****
+These variables are predominantly used by the Hourglass web service.
+
+wui.port = 1070:: is the port for the HTTP service.