# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1390660406 -3600
# Node ID c1a8ce1478857b3eed1815dce6b2c2509dcaec4e
# Parent  da2e593317d7d3affe0b21abe521ef0502c18c29
mod_s2s_whitelist: The opposite of mod_s2s_blacklist

diff -r da2e593317d7 -r c1a8ce147885 mod_s2s_whitelist/mod_s2s_whitelist.lua
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_s2s_whitelist/mod_s2s_whitelist.lua	Sat Jan 25 15:33:26 2014 +0100
@@ -0,0 +1,19 @@
+local st = require "util.stanza";
+
+local whitelist = module:get_option_inherited_set("s2s_whitelist", {});
+
+module:hook("route/remote", function (event)
+	if not whitelist:contains(event.to_host) then
+		module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted"));
+		return true;
+	end
+end, 100);
+
+module:hook("s2s-stream-features", function (event)
+	if not whitelist:contains(event.origin.from_host) then
+		event.origin:close({
+			condition = "policy-violation";
+			text = "Communication with this domain is restricted";
+		});
+	end
+end, 1000);