|
|
@@ -7,22 +7,44 @@ acl:
|
|
|
- ::1/128
|
|
|
- ::FFFF:127.0.0.1/128
|
|
|
admin:
|
|
|
+ # username without domain matches any JID that has Username in any virtual host served by ejabberd
|
|
|
user:
|
|
|
- - "admin@localhost"
|
|
|
+# - "admin@example.com"
|
|
|
+ - "admin"
|
|
|
|
|
|
access_rules:
|
|
|
+ ## This rule allows access only for local users:
|
|
|
local:
|
|
|
- allow: local
|
|
|
+ - allow: local
|
|
|
+ ## Only non-blocked users can use c2s connections:
|
|
|
c2s:
|
|
|
- deny: blocked
|
|
|
- allow: all
|
|
|
+ - deny: blocked
|
|
|
+ - allow
|
|
|
+ ## Only admins can send announcement messages:
|
|
|
announce:
|
|
|
- allow: admin
|
|
|
+ - allow: admin
|
|
|
+ ## Only admins can use the configuration interface:
|
|
|
configure:
|
|
|
- allow: admin
|
|
|
+ - allow: admin
|
|
|
+ ## Only accounts of the local ejabberd server can create rooms:
|
|
|
muc_create:
|
|
|
- allow: local
|
|
|
+ - allow: local
|
|
|
+ ## Only accounts on the local ejabberd server can create Pubsub nodes:
|
|
|
pubsub_createnode:
|
|
|
- allow: local
|
|
|
+ - allow: local
|
|
|
+ ## In-band registration allows registration of any possible username.
|
|
|
+ ## To disable in-band registration, replace 'allow' with 'deny'.
|
|
|
+ register:
|
|
|
+ - deny
|
|
|
+ ## Only allow to register from localhost
|
|
|
trusted_network:
|
|
|
- allow: loopback
|
|
|
+ - allow: loopback
|
|
|
+ ## Do not establish S2S connections with bad servers
|
|
|
+ ## If you enable this you also have to uncomment "s2s_access: s2s"
|
|
|
+ ## s2s:
|
|
|
+ ## - deny:
|
|
|
+ ## - ip: "XXX.XXX.XXX.XXX/32"
|
|
|
+ ## - deny:
|
|
|
+ ## - ip: "XXX.XXX.XXX.XXX/32"
|
|
|
+ ## - allow
|
|
|
+
|
Dominik