Mercurial > prosody-wiki
comparison mod_firewall.wiki @ 353:2396160dca7c
Fix examples of zone and rate definitions
| author | MWild1@gmail.com |
|---|---|
| date | Thu, 16 May 2013 12:00:24 +0000 |
| parents | 206f6bf2356c |
| children | 4e1a0785c0e4 |
comparison
equal
deleted
inserted
replaced
| 352:31eb570f6bc0 | 353:2396160dca7c |
|---|---|
| 27 }}} | 27 }}} |
| 28 | 28 |
| 29 FROM is a condition, and DROP is an action. This is about as simple as it gets. How about heading to the other extreme? Let's demonstrate something more complex that mod_firewall can do for you: | 29 FROM is a condition, and DROP is an action. This is about as simple as it gets. How about heading to the other extreme? Let's demonstrate something more complex that mod_firewall can do for you: |
| 30 | 30 |
| 31 {{{ | 31 {{{ |
| 32 ZONE myorganisation: staff.myorg.example, support.myorg.example | 32 %ZONE myorganisation: staff.myorg.example, support.myorg.example |
| 33 | 33 |
| 34 ENTERING: myorganisation | 34 ENTERING: myorganisation |
| 35 KIND: message | 35 KIND: message |
| 36 TIME: 12am-9am, 5pm-12am, Saturday, Sunday | 36 TIME: 12am-9am, 5pm-12am, Saturday, Sunday |
| 37 REPLY=Sorry, I am afraid our office is closed at the moment. If you need assistance, please call our 24-hour support line on 123-456-789. | 37 REPLY=Sorry, I am afraid our office is closed at the moment. If you need assistance, please call our 24-hour support line on 123-456-789. |
| 54 A 'zone' is one or more hosts or JIDs. It is possible to match when a stanza is entering or leaving a zone, while at the same time not matching traffic passing between JIDs in the same zone. | 54 A 'zone' is one or more hosts or JIDs. It is possible to match when a stanza is entering or leaving a zone, while at the same time not matching traffic passing between JIDs in the same zone. |
| 55 | 55 |
| 56 Zones are defined at the top of a script with the following syntax (they are not part of a rule block): | 56 Zones are defined at the top of a script with the following syntax (they are not part of a rule block): |
| 57 | 57 |
| 58 {{{ | 58 {{{ |
| 59 ZONE myzone: host1, host2, user@host3, foo.bar.example | 59 %ZONE myzone: host1, host2, user@host3, foo.bar.example |
| 60 }}} | 60 }}} |
| 61 | 61 |
| 62 A host listed in a zone also matches all users on that host (but not subdomains). | 62 A host listed in a zone also matches all users on that host (but not subdomains). |
| 63 | 63 |
| 64 The following zone-matching conditions are supported: | 64 The following zone-matching conditions are supported: |
| 166 It is possible to selectively rate-limit stanzas, and use rules to decide what to do with stanzas when over the limit. | 166 It is possible to selectively rate-limit stanzas, and use rules to decide what to do with stanzas when over the limit. |
| 167 | 167 |
| 168 First, you must define any rate limits that you are going to use in your script. Here we create a limiter called 'normal' that will allow 2 stanzas per second, and then we define a rule to bounce messages when over this limit. Note that the `RATE` definition is not part of a rule (multiple rules can share the same limiter). | 168 First, you must define any rate limits that you are going to use in your script. Here we create a limiter called 'normal' that will allow 2 stanzas per second, and then we define a rule to bounce messages when over this limit. Note that the `RATE` definition is not part of a rule (multiple rules can share the same limiter). |
| 169 | 169 |
| 170 {{{ | 170 {{{ |
| 171 RATE normal: 2 (burst 3) | 171 %RATE normal: 2 (burst 3) |
| 172 | 172 |
| 173 KIND: message | 173 KIND: message |
| 174 LIMIT: normal | 174 LIMIT: normal |
| 175 BOUNCE=policy-violation (Sending too fast!) | 175 BOUNCE=policy-violation (Sending too fast!) |
| 176 }}} | 176 }}} |