https://www.ejabberd.im/node/357 en https://www.ejabberd.im/node/357#comment-744 <p>Something like the above (or maybe something more general, being able to specify ACLs about whom users are able to contact regardless of the target being reached by S2S or locally) would be neat. There is a <noindex><a href="http://www.jabber.ru/bugzilla/show_bug.cgi?id=42" rel="nofollow" >feature request in Bugzilla</a></noindex> for that, so vote for it, or write the code if you can.</p> Tue, 30 Aug 2005 07:50:39 +0000 legoscia comment 744 at https://www.ejabberd.im https://www.ejabberd.im/node/357#comment-742 <p>{acl, jasmine, {server, "jasmine.lvchd1"}}.<br /> {acl, iscbuh4, {server, "jabber.iscbuh4.sim.uz.gov.ua"}}.<br /> {acl, jabber.dp.uz.gov.ua, {server, "jabber.dp.uz.gov.ua"}}.</p> <p>{access, s2smy, [{allow, iscbuh4}, {allow, jasmine}, {deny, all}]}.</p> <p>{listen,<br /> .....<br /> {5269, ejabberd_s2s_in, [{access, s2smy}, {shaper, s2s_shaper}]},<br /> ....<br /> ]}.</p> <p>I try'ed to establish incoming contact adding from <noindex><a href="mailto:malik@jabber.dp.uz.gov.ua" rel="nofollow" >malik@jabber.dp.uz.gov.ua</a></noindex> and outgoing to <noindex><a href="mailto:malik@jabber.dp.uz.gov.ua" rel="nofollow" >malik@jabber.dp.uz.gov.ua</a></noindex>. That worked without any restrictions :(.</p> <p>Irrelative of above written: As I see from this name 'ejabberd_s2s_in' this corresponds only to incoming connections, but what about outgoing connections?</p> Mon, 29 Aug 2005 13:02:58 +0000 malik comment 742 at https://www.ejabberd.im https://www.ejabberd.im/node/357#comment-717 <blockquote>1. I want that only 10.0.0.0/8 subnet can use c2s.</blockquote> <p>It seems not possible on ejabberd, as you said.</p> <blockquote>2. By default I want my users talk ONLY with jabber servers defined by me. But, some defined users (by jid) can talk to all other servers.</blockquote> <p>There's a similar question on the mailing list: <a href="http://comments.gmane.org/gmane.network.jabber.ejabberd/1342">deny networks with ejabberd</a>. I don't know yet if it will work at all. </p> <blockquote>3. By default I want to prevent my users from using ICQ/MSN/IRC/etc transports. </blockquote> <p>This question seems related to 2, so let's see if 2 can be solved...</p> <p>If all this works, then you'll want to allow some privileged JIDs full access. I don't know if ejabberd supports currently a filtering as specific as you want. I guess you can setup a test server, register some accounts and try yourself. And take a close look at the ejabberd Guide sections (acl, accessname and listen parts). If so, post your results and maybe we can provide new ideas.</p> Mon, 15 Aug 2005 15:16:23 +0000 mfoss comment 717 at https://www.ejabberd.im