Mercurial > prosody-wiki
comparison mod_firewall.wiki @ 353:2396160dca7c
Fix examples of zone and rate definitions
author | MWild1@gmail.com |
---|---|
date | Thu, 16 May 2013 12:00:24 +0000 |
parents | 206f6bf2356c |
children | 4e1a0785c0e4 |
352:31eb570f6bc0 | 353:2396160dca7c |
---|---|
27 }}} | 27 }}} |
28 | 28 |
29 FROM is a condition, and DROP is an action. This is about as simple as it gets. How about heading to the other extreme? Let's demonstrate something more complex that mod_firewall can do for you: | 29 FROM is a condition, and DROP is an action. This is about as simple as it gets. How about heading to the other extreme? Let's demonstrate something more complex that mod_firewall can do for you: |
30 | 30 |
31 {{{ | 31 {{{ |
32 ZONE myorganisation: staff.myorg.example, support.myorg.example | 32 %ZONE myorganisation: staff.myorg.example, support.myorg.example |
33 | 33 |
34 ENTERING: myorganisation | 34 ENTERING: myorganisation |
35 KIND: message | 35 KIND: message |
36 TIME: 12am-9am, 5pm-12am, Saturday, Sunday | 36 TIME: 12am-9am, 5pm-12am, Saturday, Sunday |
37 REPLY=Sorry, I am afraid our office is closed at the moment. If you need assistance, please call our 24-hour support line on 123-456-789. | 37 REPLY=Sorry, I am afraid our office is closed at the moment. If you need assistance, please call our 24-hour support line on 123-456-789. |
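Review bot: at line 32 the definition becomes `%ZONE`, but nothing visible tells a reader who copied the earlier `ZONE myorganisation: ...` form what their script does now. The rule below it depends on the zone through `ENTERING: myorganisation`, so a definition that is not picked up would leave that rule never matching. Suggest adding a sentence stating how mod_firewall handles the unprefixed line (rejected at load, or ignored), which the text shown here does not say.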
54 A 'zone' is one or more hosts or JIDs. It is possible to match when a stanza is entering or leaving a zone, while at the same time not matching traffic passing between JIDs in the same zone. | 54 A 'zone' is one or more hosts or JIDs. It is possible to match when a stanza is entering or leaving a zone, while at the same time not matching traffic passing between JIDs in the same zone. |
55 | 55 |
56 Zones are defined at the top of a script with the following syntax (they are not part of a rule block): | 56 Zones are defined at the top of a script with the following syntax (they are not part of a rule block): |
57 | 57 |
58 {{{ | 58 {{{ |
59 ZONE myzone: host1, host2, user@host3, foo.bar.example | 59 %ZONE myzone: host1, host2, user@host3, foo.bar.example |
60 }}} | 60 }}} |
61 | 61 |
62 A host listed in a zone also matches all users on that host (but not subdomains). | 62 A host listed in a zone also matches all users on that host (but not subdomains). |
63 | 63 |
64 The following zone-matching conditions are supported: | 64 The following zone-matching conditions are supported: |
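Review bot: line 56 still introduces the syntax only as "the following syntax", and the new `%` at line 59 is not explained anywhere in this region. Suggest extending line 56 to say that definitions start with `%`, which is what distinguishes them from the condition and action lines of a rule block, so the prefix is not read as a typo.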
166 It is possible to selectively rate-limit stanzas, and use rules to decide what to do with stanzas when over the limit. | 166 It is possible to selectively rate-limit stanzas, and use rules to decide what to do with stanzas when over the limit. |
167 | 167 |
168 First, you must define any rate limits that you are going to use in your script. Here we create a limiter called 'normal' that will allow 2 stanzas per second, and then we define a rule to bounce messages when over this limit. Note that the `RATE` definition is not part of a rule (multiple rules can share the same limiter). | 168 First, you must define any rate limits that you are going to use in your script. Here we create a limiter called 'normal' that will allow 2 stanzas per second, and then we define a rule to bounce messages when over this limit. Note that the `RATE` definition is not part of a rule (multiple rules can share the same limiter). |
169 | 169 |
170 {{{ | 170 {{{ |
171 RATE normal: 2 (burst 3) | 171 %RATE normal: 2 (burst 3) |
172 | 172 |
173 KIND: message | 173 KIND: message |
174 LIMIT: normal | 174 LIMIT: normal |
175 BOUNCE=policy-violation (Sending too fast!) | 175 BOUNCE=policy-violation (Sending too fast!) |
176 }}} | 176 }}} |
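Review bot: the prose at line 168 is unchanged and still refers to "the `RATE` definition", while the example at line 171 now reads `%RATE normal: 2 (burst 3)`. Suggest changing the inline mention to `%RATE` so the text and the example agree. While touching that paragraph, it explains the 2 stanzas per second but not what `(burst 3)` means; a short clause on the burst value would help readers size the limiter.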