Software /
code /
prosody-modules
Diff
mod_firewall/README.markdown @ 2096:b75d29a162cd
mod_firewall: README: Document chains
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Wed, 16 Mar 2016 12:43:17 +0000 |
parent | 2095:3b4a6d255d7a |
child | 2102:2c225b4b93d2 |
line wrap: on
line diff
--- a/mod_firewall/README.markdown Wed Mar 16 12:42:51 2016 +0000 +++ b/mod_firewall/README.markdown Wed Mar 16 12:43:17 2016 +0000 @@ -322,3 +322,41 @@ TO: user@example.com LOG=[debug] User received: $(stanza) +Chains +------ + +Rules are grouped into "chains", which are injected at particular points in Prosody's routing code. + +Available chains are: + + Chain Description + -------------- ------------------------------------------------------------------------------------------- + deliver Applies to stanzas delivered to local recipients (regardless of the stanza's origin) + deliver_remote Applies to stanzas delivered to remote recipients (just before they leave the local server) + preroute Applies to incoming stanzas from local users, before any routing rules are applied + +By default, if no chain is specified, rules are put into the 'deliver' chain. + +Example of chain use: + + # example.com's firewall script + + # This line is optional, because 'deliver' is the default chain anyway: + ::deliver + + # This rule matches any stanzas delivered to our local user bob: + TO: bob@example.com + DROP. + + # Oops! This rule will never match, because alice is not a local user, + # and only stanzas to local users go through the 'deliver' chain: + TO: alice@remote.example.com + DROP. + + # Create a 'preroute' chain of rules: + ::preroute + # These rules are matched for outgoing stanzas from local clients + + # This will match any stanzas sent to alice from a local user: + TO: alice@remote.example.com + DROP.