I've tried to implement this

legoscia — Thu, 22 Sep 2005 10:49:35 +0000

I have made an attempt at implementing this, and attached it to the bugzilla entry. Comments and testing welcome...

I think I'm going to need to

dev_null123 — Wed, 21 Sep 2005 02:15:01 +0000

I think I'm going to need to write my own filter. Something that can basically strip out the XML and perform routing verification. I sense this is going to be a duanting task....

I think you need filter_packet

mfoss — Mon, 19 Sep 2005 08:15:18 +0000

Am I correct in assuming that these ACLs are strictly used in the context of c2s communications?

Let's see what do you get when you do this:

{hosts, ["domainx.com", "domainy.com"]}.

{acl, domainy, [{user, "*@domainy.com"}]}.

{host_config, "domainy", [
  {access, c2s, [{allow, domainy}, {deny, all}]}
]}.

{listen, [
  {5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}]},
  ...
]}.

With this config, ejabberd will only accept C2S connections on port 5222 to 'domainy.com' if the user is from 'domainy.com'. As you can see, this is normal behaviour, not a restriction at all.

I guess that you want:

packets sent to the server by domainy.com users are checked individually and...
if the packet is sent to a JID with server not equal to 'domainy.com' then...
then the packet is discarded,
else the packet is sent as usual.

Maybe filter_packet can be used to do this, but you must know it's a hook, not a configuration option. So, it's meant to be used to code filters into ejabberd, it's not a filter in itself.

One possible implementation: a new module that allows filtering packets by the sender's server and/or receiver's server. That module registers to that hook, and can be configured on ejabberd.cfg.

ejabberd - Comments for "s2s (server-to-server) Filtering"

I've tried to implement this

I think I'm going to need to

I think you need filter_packet