Hi there,
Is there a possibility for conflicts to arise between the whitelists
and blacklists, for example S2S?
Are IP addresses in the server configuration such as Openfire and
Prosody in the blacklist examined before the whitelist?
Can the following scenario happen where I want to make an exception of
a certain IP address:
Whitelist: IP 192.168.1.7
Blacklist: IP 192.168.1.*
If the blacklist is checked first then there is a conflict with what
was intended by the whitelist above.
In the scenario where you want to allow all IP addresses in a specific
range except a single IP:
Whitelist: IP 192.168.1.*
Blacklist: IP 192.168.1.7
and if the whitelist is checked first, then the intended blacklist is
not upheld.
If only a whitelist is used, then I presume only those IP addresses
have access and the default policy will be to drop other IP addresses.
Similarly, if one only has a blacklist (whitelist is empty) then
packets not matching the blacklist will be accepted due to a default
policy of accept.
What happens if you have some whitelist IP addresses and some
blacklist IP addresses? That is, what happens to packets that don't
match either the whitelist or blacklist? Are they dropped or accepted
by default?
From an initial glance at an ejabberd server configuration, it looks
like whitelists and blacklists are based on their ordering, for
example,
{{s2s_host, "192.168.1.7"}, allow}.
{{s2s_host, "192.168.1.*"}, deny}.
{{s2s_host, "some other IP"}, allow}.
This is similar to the approach taken by a set of firewall rules.
Note, I am completely new to the XMPP area and so my line of questioning
may be quite trivial.
regards,
Paddy
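
Added example, not part of the original post and not the logic of Openfire, Prosody or ejabberd: a small model of the three evaluation orders the question distinguishes (ordered first-match, whitelist-first, blacklist-first), run over the two scenarios above with an explicit default policy. The function names, the use of fnmatch for the "*" wildcard and the test addresses are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed rule sets copied from the two scenarios in the post.
# Each rule is (pattern, action); "*" is treated as a shell-style wildcard.
SCENARIO_1 = [("192.168.1.7", "allow"), ("192.168.1.*", "deny")]  # allow one IP in a blocked range
SCENARIO_2 = [("192.168.1.*", "allow"), ("192.168.1.7", "deny")]  # block one IP in an allowed range


def first_match(rules, ip, default):
    """Ordered evaluation (firewall style): the first matching rule decides."""
    for pattern, action in rules:
        if fnmatchcase(ip, pattern):
            return action
    return default  # nothing matched: the default policy applies


def list_first(rules, ip, default, first):
    """Two-list evaluation: every rule of one action is checked before the other."""
    second = "deny" if first == "allow" else "allow"
    for action in (first, second):
        if any(a == action and fnmatchcase(ip, p) for p, a in rules):
            return action
    return default


def compare(rules, ip, default="deny"):
    """Return the decision each evaluation order reaches for one address."""
    return {
        "first_match": first_match(rules, ip, default),
        "whitelist_first": list_first(rules, ip, default, "allow"),
        "blacklist_first": list_first(rules, ip, default, "deny"),
    }


if __name__ == "__main__":
    for name, rules in (("scenario 1", SCENARIO_1), ("scenario 2", SCENARIO_2)):
        for ip in ("192.168.1.7", "192.168.1.20", "10.0.0.5"):
            for default in ("deny", "allow"):
                print(f"{name} ip={ip} default={default} -> {compare(rules, ip, default)}")
    # With ordered rules the narrower rule has to come first to act as an exception.
    print(first_match(list(reversed(SCENARIO_2)), "192.168.1.7", "deny"))
```

In this model an address that matches neither list is decided only by the default policy, so when auditing a real server the two things to confirm from its documentation are the evaluation order and that default.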