On 3/14/12 9:26 AM, Michael Humphries-Dolnick wrote: > Peter, thanks for the quick reply. > >> If you want to do something like whitelist connections to port 5269 (or >> whatever you decide to use for s2s), you might need to do that at the >> firewall >> level, not the application level. > > Yes, I thought of that, but IIRC after a connection is initiated, the daemon > does a dialback validation; the initial connection would be OK with the > RELATED,ESTABLISHED but then I think dialback validation would get blocked > (although I haven't tested this). Does this follow what you know of how s2s > behaves?
That is a sensible approach to implementation (I am not a jabberd2 developer so I can't say for sure). But it's not clear to me how that implemenation detail aligns with your initial request. Peter -- Peter Saint-Andre https://stpeter.im/