router-filter.xml.dist   [plain text]

<!-- This is the router filter ruleset.
     It allows for finegrained routing control.

     to, from - wildmat patterns
                absent attribute matches absence of attribute
                "*" matches any value of attribute
     what     - XPath like query
     error    - none given means allow, if given means deny
                this is an XMPP RFC defined error condition
     log      - if set, the matched packets will be logged in router log

     Rules are matched in order of apperance. First match is efffective.

  <!-- first allow any routing without to or from - it's internal. -->
  <rule from="*"/>
  <rule to="*"/>

  <!-- don't allow msn registrations, but... -->
  <!-- <rule from="" to=""/> -->
  <!-- <rule error="not-allowed" from="*" to="" what="iq/query?xmlns=jabber:iq:register" log="yes"/> -->

  <!-- this user should not talk with evil -->
  <!-- <rule error="not-allowed" from="" to="*" what="message"/> -->

  <!-- I don't want evil to read my data -->
  <!-- <rule error="forbidden" from="*" to="" what="iq/vCard" log="on"/> -->

  <!-- and finally, let's blind the world with some exceptions -->
  <rule from="*" to="*" what="presence"/>
  <rule from="" to="*" what="presence"/>
  <rule error="not-acceptable" from="*" to="*" what="presence"/>

  vim: syntax=xml