Mercurial > prosody-modules
comparison mod_firewall/README.markdown @ 2594:1e1c929c1aa5
mod_firewall: Add and document CROSSING GROUPS condition
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 03 Mar 2017 12:31:15 +0000 |
parents | 95b79d515a65 |
children | f6a14cdc531b |
2593:b61b0ff1c0f9 | 2594:1e1c929c1aa5 |
---|---|
315 ### Groups | 315 ### Groups |
316 | 316 |
317 Using Prosody's mod\_groups it is possible to define groups of users on the server. You can | 317 Using Prosody's mod\_groups it is possible to define groups of users on the server. You can |
318 match based on these groups in firewall rules. | 318 match based on these groups in firewall rules. |
319 | 319 |
320 Condition Matches | 320 Condition Matches |
321 ------------- ---------------------------- | 321 ----------------- ---------------------------- |
322 `FROM GROUP` When the stanza is being sent from a member of the named group | 322 `FROM GROUP` When the stanza is being sent from a member of the named group |
323 `TO GROUP` When the stanza is being sent to a member of the named group | 323 `TO GROUP` When the stanza is being sent to a member of the named group |
324 `CROSSING GROUPS` When the stanza is being sent between users of different named groups | |
325 | |
326 #### CROSSING GROUPS | |
327 | |
328 The `CROSSING GROUPS` condition takes a comma-separated list of groups to check. If the | |
329 sender and recipient are not in the same group (only the listed groups are checked), then the | |
330 this condition matches and the stanza is deemed to be crossing between groups. | |
331 | |
332 For example, if you had three groups: Engineering, Marketing and Employees. All users are | |
333 members of the 'Employees' group, and the others are for employees of the named department only. | |
334 | |
335 To prevent employees in the marketing department from communicating with engineers, you could use | |
336 the following rule: | |
337 | |
338 ``` | |
339 CROSSING GROUPS: Marketing, Engineering | |
340 BOUNCE=policy-violation (no communication between these groups is allowed!) | |
341 ``` | |
342 | |
343 This works, even though both the users are in the 'Employees' group, because that group is not listed | |
344 in the condition. | |
345 | |
346 In the above example, a user who is member of both groups is not restricted. | |
324 | 347 |
325 #### SENT DIRECTED PRESENCE TO SENDER | 348 #### SENT DIRECTED PRESENCE TO SENDER |
326 | 349 |
327 This condition matches if the recipient of a stanza has previously sent directed presence to the sender of the stanza. This | 350 This condition matches if the recipient of a stanza has previously sent directed presence to the sender of the stanza. This |
328 is often done in XMPP to exchange presence information with JIDs that are not on your roster, such as MUC rooms. | 351 is often done in XMPP to exchange presence information with JIDs that are not on your roster, such as MUC rooms. |
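
Review bot: the description at new lines 328-330 does not say what happens when the sender or recipient belongs to none of the listed groups. Read literally, "the sender and recipient are not in the same group" is also true when one party is outside both Marketing and Engineering, so the example rule at lines 339-340 could be read as bouncing traffic between a Marketing member and a user who is only in 'Employees'. Because this condition is meant to enforce a policy boundary, please state explicitly whether it matches in that case, alongside the existing note about members of both groups at line 346. Two wording fixes as well: "then the this condition matches" (lines 329-330) has a duplicated article, and "a user who is member of both groups" (line 346) is missing "a".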