router-filter.xml.dist   [plain text]

<!-- This is the router filter ruleset.
     It allows for finegrained routing control.

     to, from - wildmat patterns
                absent attribute matches absence of attribute
                "*" matches any value of attribute
     what     - XPath like query
     error    - none given means allow, if given means deny
                this is an XMPP RFC defined error condition

  <!-- first allow any routing without to or from - it's internal. -->
  <rule from="*"/>
  <rule to="*"/>

  <!-- don't allow msn registrations, but... -->
  <!-- <rule from="*" to="*"/> -->
  <!-- <rule error="not-allowed" from="*" to="" what="iq/query?xmlns=jabber:x:register"/> -->

  <!-- this user should not talk with evil -->
  <!-- <rule error="not-allowed" from="" to="**" what="message"/> -->

  <!-- I don't want evil to read my data -->
  <!-- <rule error="forbidden" from="**" to="" what="iq/vCard"/> -->

  <!-- and finally, let's blind the world with some exceptions -->
  <rule from="**" to="*" what="presence"/>
  <rule from="*" to="*" what="presence"/>
  <rule error="not-acceptable" from="*" to="*" what="presence"/>

  <rule id="apple000"/>
  <rule id="apple001" from="*"/>
  <rule id="apple002" to="*"/>
  <rule id="apple003" from="pubsub.*" to="*" what="message"/>
  <rule id="apple004" from="*" to="pubsub.*" what="message"/>
  <rule id="apple005" error="forbidden" from="*" to="*" what="message"/>
  <rule id="apple006" error="forbidden" from="*" to="*" what="iq/vCard"/>

  vim: syntax=xml