Mercurial > prosody-modules
annotate mod_s2s_whitelist/mod_s2s_whitelist.lua @ 2558:2b533a7b5236
mod_firewall: Make PASS bubble up through all chains, and add DEFAULT and RETURN
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 24 Feb 2017 09:38:20 +0000 |
parents | c1a8ce147885 |
children |
rev | line source |
---|---|
1288
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 local st = require "util.stanza"; |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 local whitelist = module:get_option_inherited_set("s2s_whitelist", {}); |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 module:hook("route/remote", function (event) |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 if not whitelist:contains(event.to_host) then |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted")); |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 return true; |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 end |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 end, 100); |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 module:hook("s2s-stream-features", function (event) |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 if not whitelist:contains(event.origin.from_host) then |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 event.origin:close({ |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 condition = "policy-violation"; |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 text = "Communication with this domain is restricted"; |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 }); |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 end |
c1a8ce147885
mod_s2s_whitelist: The opposite of mod_s2s_blacklist
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 end, 1000); |