Mercurial > prosody-wiki
annotate mod_firewall.wiki @ 335:225827f3940e
Created wiki page through web user interface. Phew.
| author | MWild1@gmail.com |
|---|---|
| date | Fri, 05 Apr 2013 12:00:12 +0000 |
| parents | |
| children | b33e70726d6a |
| rev | line source |
|---|---|
|
335
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
1 #summary A rule-based stanza filtering module |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
2 #labels Stage-Alpha |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
3 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
4 ---- |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
5 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
6 *Note:* mod_firewall is in its very early stages. This documentation is liable to change, and some described functionality may be missing, incomplete or contain bugs. Feedback is welcome in the comments section at the bottom of this page. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
7 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
8 ---- |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
9 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
10 = Introduction = |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
11 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
12 A firewall is an invaluable tool in the sysadmin's toolbox. However while low-level firewalls such as iptables and pf are incredibly good at what they do, they are generally not able to handle application-layer rules. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
13 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
14 The goal of mod_firewall is to provide similar services at the XMPP layer. Based on rule scripts it can efficiently block, bounce, drop, forward, copy, redirect stanzas and more! Furthermore all rules can be applied and updated dynamically at runtime without restarting the server. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
15 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
16 = Details = |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
17 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
18 mod_firewall loads one or more scripts, and compiles these to Lua code that reacts to stanzas flowing through Prosody. The firewall script syntax is unusual, but straightforward. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
19 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
20 A firewall script is dominated by rules. Each rule has two parts: conditions, and actions. When a stanza matches all of the conditions, all of the actions are executed in order. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
21 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
22 Here is a simple example to block stanzas from spammer@example.com: |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
23 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
24 {{{ |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
25 FROM: spammer@example.com |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
26 DROP. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
27 }}} |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
28 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
29 FROM is a condition, and DROP is an action. This is about as simple as it gets. How about heading to the other extreme? Let's demonstrate something more complex that mod_firewall can do for you: |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
30 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
31 {{{ |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
32 ZONE myorganisation: staff.myorg.example, support.myorg.example |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
33 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
34 ENTERING: myorganisation |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
35 KIND: message |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
36 TIME: 12am-9am, 5pm-12am, Saturday, Sunday |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
37 REPLY=Sorry, I am afraid our office is closed at the moment. If you need assistance, please call our 24-hour support line on 123-456-789. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
38 }}} |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
39 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
40 This rule will reply with a short message whenever someone tries to send a message to someone at any of the hosts defined in the 'myorganisation' outside of office hours. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
41 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
42 == Conditions == |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
43 All conditions must come before any action in a rule block. The condition name is followed by a colon (':'), and the value to test for. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
44 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
45 === Zones === |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
46 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
47 A 'zone' is one or more hosts or JIDs. It is possible to match when a stanza is entering or leaving a zone, while at the same time not matching traffic passing between JIDs in the same zone. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
48 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
49 Zones are defined at the top of a script with the following syntax (they are not part of a rule block): |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
50 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
51 {{{ |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
52 ZONE myzone: host1, host2, user@host3, foo.bar.example |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
53 }}} |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
54 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
55 A host listed in a zone also matches all users on that host (but not subdomains). |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
56 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
57 The following zone-matching conditions are supported: |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
58 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
59 || *Condition* || *Matches* || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
60 || `ENTERING` || When a stanza is entering the named zone || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
61 || `LEAVING` || When a stanza is leaving the named zone || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
62 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
63 === Stanza matching === |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
64 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
65 || *Condition* || *Matches* || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
66 || `KIND` || The kind of stanza. May be 'message', 'presence' or 'iq' || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
67 || `TYPE` || The type of stanza. This varies depending on the kind of stanza. See 'Stanza types' below for more information. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
68 || `PAYLOAD` || The stanza contains a child with the given namespace. Useful for determining the type of an iq request, or whether a message contains a certain extension. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
69 || `INSPECT` || The node at the specified path exists or matches a given string. This allows you to look anywhere inside a stanza. See below for examples and more. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
70 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
71 ==== Stanza types ==== |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
72 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
73 || *Stanza* || *Valid types* || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
74 || iq || get, set, result, error || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
75 || presence || _available_, unavailable, probe, subscribe, subscribed, unsubscribe, unsubscribed, error || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
76 || message || normal, chat, groupchat, headline, error || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
77 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
78 *Note:* The type 'available' for presence does not actually appear in the protocol. Available presence is signalled by the omission of a type. Similarly, a message stanza with no type is equivalent to one of type 'normal'. mod_firewall handles these cases for you automatically. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
79 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
80 ==== INSPECT ==== |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
81 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
82 INSPECT takes a 'path' through the stanza to get a string (an attribute value or text content). An example is the best way to explain. Let's check that a user is not trying to register an account with the username 'admin'. This stanza comes from [http://xmpp.org/extensions/xep-0077.html#example-4 XEP-0077: In-band Registration]: |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
83 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
84 {{{ |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
85 <iq type='set' id='reg2'> |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
86 <query xmlns='jabber:iq:register'> |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
87 <username>bill</username> |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
88 <password>Calliope</password> |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
89 <email>bard@shakespeare.lit</email> |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
90 </query> |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
91 </iq> |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
92 }}} |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
93 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
94 {{{ |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
95 KIND: iq |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
96 TYPE: set |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
97 PAYLOAD: jabber:iq:register |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
98 INSPECT: {jabber:iq:register}query/username#=admin |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
99 BOUNCE=not-allowed The username 'admin' is reserved. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
100 }}} |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
101 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
102 That weird string deserves some explanation. It is a path, divided into segments by '/'. Each segment describes an element by its name, optionally prefixed by its namespace in curly braces ('{...}'). If the path ends with a '#' then the text content of the last element will be returned. If the path ends with '@name' then the value of the attribute 'name' will be returned. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
103 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
104 INSPECT is somewhat slower than the other stanza matching conditions. To minimise performance impact, always place it below other faster condition checks where possible (e.g. above we first checked KIND, TYPE and PAYLOAD matched before INSPECT). |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
105 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
106 === Sender/recipient matching === |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
107 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
108 || *Condition* || *Matches* || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
109 || `FROM` || The JID in the 'from' attribute matches the given JID || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
110 || `TO` || The JID in the 'to' attribute matches the given JID || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
111 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
112 These conditions both accept wildcards in the JID when the wildcard expression is enclosed in angle brackets ('<...>'). For example: |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
113 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
114 {{{ |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
115 # All users at example.com |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
116 FROM: <*>@example.com |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
117 }}} |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
118 {{{ |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
119 # The user 'admin' on any subdomain of example.com |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
120 FROM: admin@<*.example.com> |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
121 }}} |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
122 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
123 *Note:* It is important to know that 'example.com' is a valid JID on its own, and does *not* match 'user@example.com'. To perform domain whitelists or blacklists, use Zones. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
124 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
125 *Note:* Some chains execute before Prosody has performed any normalisation or validity checks on the to/from JIDs on an incoming stanza. It is not advisable to perform access control or similar rules on JIDs in these chains (see the chain documentation for more info). |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
126 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
127 == Actions == |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
128 Actions come after all conditions in a rule block. There must be at least one action, though conditions are optional. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
129 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
130 An action without parameters ends with a full-stop/period ('.'), and one with parameters uses an equals sign ('='): |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
131 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
132 {{{ |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
133 # An action with no parameters: |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
134 DROP. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
135 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
136 # An action with a parameter: |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
137 REPLY=Hello, this is a reply. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
138 }}} |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
139 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
140 === Route modification === |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
141 The most common actions modify the stanza's route in some way. Currently the first matching rule to do so will halt further processing of actions and rules (this may change in the future). |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
142 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
143 || *Action* || *Description* || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
144 || `PASS.` || Stop executing actions and rules on this stanza, and let it through this chain. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
145 || `DROP.` || Stop executing actions and rules on this stanza, and discard it. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
146 || `REDIRECT=jid` || Redirect the stanza to the given JID. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
147 || `REPLY=text` || Reply to the stanza (assumed to be a message) with the given text. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
148 || `BOUNCE.` || Bounce the stanza with the default error (usually service-unavailable) || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
149 || `BOUNCE=error` || Bounce the stanza with the given error (MUST be a defined XMPP stanza error, see [http://xmpp.org/rfcs/rfc6120.html#stanzas-error-conditions RFC6120]. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
150 || `BOUNCE=error (text)` || As above, but include the supplied human-readable text with a description of the error || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
151 || `COPY=jid` || Make a copy of the stanza and send the copy to the specified JID. || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
152 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
153 === Stanza modification === |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
154 These actions make it possible to modify the content and structure of a stanza. |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
155 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
156 || *Action* || *Description* || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
157 || `STRIP=name` || Remove any child elements with the given name in the default namespace || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
158 || `STRIP=name namespace` || Remove any child elements with the given name and the given namespace || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
159 || `INJECT=xml` || Inject the given XML into the stanza as a child element || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
160 |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
161 === Informational === |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
162 || *Action* || *Description* || |
|
225827f3940e
Created wiki page through web user interface. Phew.
MWild1@gmail.com
parents:
diff
changeset
|
163 || `LOG=message` || Logs the given message to Prosody's log file. Optionally prefix it with a log level in square brackets, e.g. `[debug]`|| |