ACL for all users

Hi, according to this post: https://www.ejabberd.im/forum/25588/single-user-only-allowed-connect-spe...
Can I configure this for all my users? How?
The goal is that all users can only connect/log in from my VPN IP.
Thanks!

Your case is very similar, simply put the IP in the list. For example, this allows c2s connections from your vpn list (the ones with IP in the 127.0.0.1/8 range), and denies everything else:

acl:
  vpn:
    ip:
      - "127.0.0.0/8"

access_rules:
  c2s:
    - allow: vpn
    - deny

Or a shorter version that works in recent ejabberd versions:

access_rules:
  c2s:
    - allow:
      - ip: "127.0.0.1/8"
    - deny

badlop wrote:

Your case is very similar, simply put the IP in the list. For example, this allows c2s connections from your vpn list (the ones with IP in the 127.0.0.1/8 range), and denies everything else:

acl:
  vpn:
    ip:
      - "127.0.0.0/8"

access_rules:
  c2s:
    - allow: vpn
    - deny

Or a shorter version that works in recent ejabberd versions:

access_rules:
  c2s:
    - allow:
      - ip: "127.0.0.1/8"
    - deny

Do you mean
all:deny
or just "deny"?
I got the following error:

2016-10-26 18:21:15.765 [info] <0.455.0>@ejabberd_listener:accept:333 (#Port<0.7157>) Accepted connection ::FFFF:111.221.44.148:55806 -> ::FFFF:46.165.219.131:5222
2016-10-26 18:21:17.785 [info] <0.470.0>@ejabberd_c2s:wait_for_feature_request:740 ({socket_state,p1_tls,{tlssock,#Port<0.7157>,#Port<0.7158>},<0.469.0>}) Accepted authentication for modem by ejabberd_auth_internal from ::FFFF:111.221.44.148
2016-10-26 18:21:18.578 [error] <0.470.0>@acl:match_acl:339 Wrong ACL expression: {ip,{{111,221,44,148},32}}
Check your config file and reload it with the override_acls option enabled
2016-10-26 18:21:18.578 [error] <0.470.0>@acl:match_acl:339 Wrong ACL expression: {ip,{{111,221,44,148},32}}
Check your config file and reload it with the override_acls option enabled
2016-10-26 18:21:18.578 [error] <0.470.0>@acl:match_acl:339 Wrong ACL expression: {ip,{{111,221,44,148},32}}
Check your config file and reload it with the override_acls option enabled
2016-10-26 18:21:18.578 [error] <0.470.0>@acl:match_acl:339 Wrong ACL expression: {ip,{{111,221,44,148},32}}
Check your config file and reload it with the override_acls option enabled
2016-10-26 18:21:18.578 [info] <0.470.0>@ejabberd_c2s:wait_for_session:1141 ({socket_state,p1_tls,{tlssock,#Port<0.7157>,#Port<0.7158>},<0.469.0>}) Forbidden session for modem@xmpp.rajaapi.net/maryamuzzamani

my ejabberd.yml
http://pastebin.com/HCpjd1bD

I copied your config to my ejabberd 16.09 server. First I adapted the served hosts and certfile. Then I had to define the IP address as IPv6, because you configured the 5222 listener to be IPv6:

  vpn:
     ip:
       - "::FFFF:127.0.0.1"

Then finally I am able to log in with a client from the same machine as the server:


(ejabberd@localhost)1> 17:34:29.738 [info] (#Port<0.19422>)
 Accepted connection ::FFFF:127.0.0.1:35111 -> ::FFFF:127.0.0.1:5222
17:34:35.502 [info] ({socket_state,gen_tcp,#Port<0.19422>,<0.485.0>})
 Accepted authentication for user2 by undefined from ::FFFF:127.0.0.1
17:34:35.590 [info] ({socket_state,gen_tcp,#Port<0.19422>,<0.485.0>})
 Opened session for user2@localhost/tka1

In your case, maybe you are using an ejabberd version from a few months ago, which still doesn't support that 'ip' option?
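
Added example, not part of the original thread and not ejabberd's own code: a small Python model of the pitfall described in the reply above, where a listener bound to IPv6 reports peers as ::FFFF:a.b.c.d, so an ACL written only as an IPv4 range does not match them. The VPN range 10.8.0.0/24, the peer addresses and all function names are constructed for illustration, and the strict same-family matching is an assumption based on what the thread reports.

```python
import ipaddress

def mapped_form(cidr):
    """IPv4 CIDR -> IPv4-mapped IPv6 network (::ffff:a.b.c.d, prefix + 96)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 6:
        return net
    base = ipaddress.IPv6Address((0xFFFF << 32) | int(net.network_address))
    return ipaddress.IPv6Network((base, 96 + net.prefixlen))

def dual_stack_entries(cidrs):
    """Each range in plain and mapped form, for the 'ip:' list of an ACL."""
    entries = []
    for cidr in cidrs:
        for net in (ipaddress.ip_network(cidr, strict=False), mapped_form(cidr)):
            if str(net) not in entries:
                entries.append(str(net))
    return entries

def acl_matches(peer, entries):
    """Assumed strict model: an entry only matches a peer of the same family."""
    addr = ipaddress.ip_address(peer)
    nets = (ipaddress.ip_network(e, strict=False) for e in entries)
    return any(n.version == addr.version and addr in n for n in nets)

def c2s_decision(peer, entries):
    """First match wins for the rule list: '- allow: vpn' then '- deny'."""
    return "allow" if acl_matches(peer, entries) else "deny"

if __name__ == "__main__":
    vpn_only_v4 = ["10.8.0.0/24"]                  # constructed VPN range
    vpn_dual = dual_stack_entries(vpn_only_v4)     # adds the mapped /120
    # Constructed peers, written the way the listener log shows them.
    peers = ["::FFFF:10.8.0.5", "10.8.0.5", "::FFFF:203.0.113.7"]
    print("ACL entries to configure:", vpn_dual)
    for peer in peers:
        print(peer,
              "| IPv4-only ACL:", c2s_decision(peer, vpn_only_v4),
              "| dual-form ACL:", c2s_decision(peer, vpn_dual))
```

Comparing the two columns for a VPN peer logged in mapped form shows why the login is refused until the ::FFFF: entry is added, while a non-VPN peer stays denied either way.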
