readme.html 7.16 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
	<title>Packet Filter Plugin Readme</title>
    <style type="text/css">
        BODY {
            font-size : 100%;
        }
        BODY, TD, TH {
            font-family : tahoma, verdana, arial, helvetica, sans-serif;
            font-size : 0.8em;
        }
        H2 {
             font-size : 10pt;
             font-weight : bold;
        }
        A:hover {
            text-decoration : none;
        }
        H1 {
            font-family : tahoma, arial, helvetica, sans-serif;
            font-size : 1.4em;
            font-weight: bold;
            border-bottom : 1px #ccc solid;
            padding-bottom : 2px;
        }

        TT {
            font-family : courier new;
            font-weight : bold;
            color : #060;
        }
        PRE {
            font-family : courier new;
            font-size : 100%;
        }
        #datatable TH {
            color : #fff;
            background-color : #2A448C;
            text-align : left;
        }
        #datatable TD {
            background-color : #FAF6EF;
        }
        #datatable .name {
            background-color : #DCE2F5;
        }
    </style>
</head>
<body>


<h1>
Packet Filter Plugin Readme
</h1>

<h2>Overview</h2>

<p>
The packet filter plugin allows you to create rules that will block or reject certain packets to the server.
If you are upgrading, this version *WILL DELETE ALL YOUR OLD RULES!* I wasn't happy with some of the design
of the 1.0 version so I fixed it. The old format of the rules was unworkable with the new and I couldn't find
a good way to convert from the old format, sorry. 
</p>

67 68 69 70 71 72 73 74 75 76
<h2>Group Rule Auto Creation</h2>
<p>
By default the packet filter plugin will auto-create rules on Shared Group changes ensuring groups can always communicate with each other.
<br/>
To disable this behaviour set the following Openfire System Property to false:
</p>
<ul>
		<li>packetfilter.autocreate.grouprules - true/false</li>
</ul>

77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
<h2>Installation</h2>

<p>Copy packetFilter.jar into the plugins directory of your Openfire installation. The
plugin will then be automatically deployed. To upgrade to a new version, copy the new
packetFilter.jar file over the existing file.</p>

<p>Currently only the following databases are supported :</p>
<ul>
    <li>Postgresql</li>
    <li>Mysql</li>
    <li>MSSQL</li>
    <li>Hsqldb (embedded)</li>
    <li>Oracle - I created a schema for this and put it in the database/extra subdirectory of the plugin.
        I can't get the schema to automatically apply itself when the plugin deploys, it has to be deployed
        manually</li>
</ul>
<h2>Configuration</h2>

<p>The Packet Filter plugin can be configured under "Server"-"Server Settings"-"Packet Filter Rules".</p>

<h2>Using the Plugin - Creating Rules</h2>

<h2>Actions</h2>
<p>
  Actions come in 3 types Pass, Drop and Reject.
  <ul>
    <li>Pass - This will allow the packet to be delivered normally.</li>
    <li>Drop - This will silently drop the packet without notifying the sender.</li>
    <li>Reject - This rule tries to notify the person who sent it that their message was rejected.
             There are a couple issues with this. First, not all clients handle forbidden packet
             condition. The notification of users that their packet was rejected is therefore pretty
             spotty, your mileage may vary. This rule has 2 configurable options that can be set in
             the system properties screen :</li>
             <ul>
                <li>1. pf.rejectMessage : Defaults to "Your message was rejected by the packet filter".</li>
                <li>2. pf.rejectSubject : Defaults to "Rejected"</li>
                <li>3. pf.From : Defaults to "packetFilter".</li>
             </ul>
  </ul>

<h2>Disable</h2>
<p>
    This allows you to quickly disable a rule without deleting it. Disabled rules will still appear on the main
    rule page but will have a strike through like so :
</p>
<img src="/plugins/packetfilter/disabled.gif" alt="disabled rule">

<h2>Packet Type</h2>
<p>
    This specifies what type of packets you want to disable your choices are :
    <ul>
        <li>
            Message - Regular old message.
        </li>
        <li>
            Presence - Presence Info.
        </li>
        <li>
           IQ - Used to transfer most other data.
        </li>
        <li>
           MUC - Multi User Chat, chat rooms.
        </li>
        <li>
           MUC Private Message - A private message within a chat room
        </li>
        <li>
            Any - All of the above
        </li>
    </ul>


<h2>From</h2>
<p>
    This specifies the source base JID. Currently resource specific rules aren't supported.
    The options for specifying a source are :

    <ul>
        <li>
            Any - Just like it sounds, if the source is anything.
        </li>
        <li>
            User - These are all the local users defined on your Openfire server, all user accounts.
        </li>
        <li>
            Group - All groups defined on your server. The source will match if the sender is a member of the specified
163
            group or if Any Group is selected will match members in any group.
164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214
        </li>
        <li>
            Other - This will let you specify a free form JID. (test@example.com). One wild card can be specified to do
            a whole domain e.g. *@example.com.
        </li>
    </ul>



<h2>To</h2>
<p>
   This specifies the destination base JID. The options for selecting the destination JID are the same as above.
</p>

<h2>Log</h2>

<p>
    This prints a message to the info.log when the rule is executed. This is recommend only for trouble shooting as
    it can fill up the logs pretty quickly in production environments. Some example output :
</p>
<p>
    Rejecting packet from bart@nate-putnams-computer.local/Adium to lisa@nate-putnams-computer.local/Psi
</p>

<h2>Description</h2>

Leave yourself a note so you can remember why you wrote the rule in the first place. :)

<h2>Changing Rule Order</h2>

<p>
    The first rule that matches an incoming packet will be executed. For example consider the following rules :
</p>
    <img src="/plugins/packetfilter/examplerules.gif" alt="example rules"/>
<p>
    Here we don't want any of the Simpson's talking to each other so every message from members of the Simpson group
    to each other are dropped. However, Marge and Homer should be able to talk to each other. To accomplish this rules
    allowing Homer to send message packets to Marge and vice versa are placed before the drop rule. New rules are automatically
    appended to the rule list. Rules can be moved at anytime using the arrows in the UI. When a rule is moved the changes
    take effect immediately.
</p>

<h2> Known Issues</h2>

<li> Selectable components are only loaded when the plugin is initialized. If you add a component (AIM Transport etc..), it won't appear in the rule form until the server or plugin is restarted.</li> 

<li> 2.0 will delete all your 1.0 rules. </li>
<li> Clustering - I haven't tested this plugin in a cluster. I've added some support for it so that rules *should* be synced across all nodes but I haven't tested it.  2.1 will contain more clustering goodness.</li>

</body>
</html>