Packet Filter Plugin Readme

Overview

The packet filter plugin allows you to create rules that will block or reject certain packets to the server. If you are upgrading, this version *WILL DELETE ALL YOUR OLD RULES!* I wasn't happy with some of the design of the 1.0 version so I fixed it. The old format of the rules was unworkable with the new and I couldn't find a good way to convert from the old format, sorry.

Group Rule Auto Creation

By default the packet filter plugin will auto-create rules on Shared Group changes ensuring groups can always communicate with each other.
To disable this behaviour set the following Openfire System Property to false:

Installation

Copy packetFilter.jar into the plugins directory of your Openfire installation. The plugin will then be automatically deployed. To upgrade to a new version, copy the new packetFilter.jar file over the existing file.

Currently only the following databases are supported :

Configuration

The Packet Filter plugin can be configured under "Server"-"Server Settings"-"Packet Filter Rules".

Using the Plugin - Creating Rules

Actions

Actions come in 3 types Pass, Drop and Reject.

Disable

This allows you to quickly disable a rule without deleting it. Disabled rules will still appear on the main rule page but will have a strike through like so :

disabled rule

Packet Type

This specifies what type of packets you want to disable your choices are :

From

This specifies the source base JID. Currently resource specific rules aren't supported. The options for specifying a source are :

To

This specifies the destination base JID. The options for selecting the destination JID are the same as above.

Log

This prints a message to the info.log when the rule is executed. This is recommend only for trouble shooting as it can fill up the logs pretty quickly in production environments. Some example output :

Rejecting packet from bart@nate-putnams-computer.local/Adium to lisa@nate-putnams-computer.local/Psi

Description

Leave yourself a note so you can remember why you wrote the rule in the first place. :)

Changing Rule Order

The first rule that matches an incoming packet will be executed. For example consider the following rules :

example rules

Here we don't want any of the Simpson's talking to each other so every message from members of the Simpson group to each other are dropped. However, Marge and Homer should be able to talk to each other. To accomplish this rules allowing Homer to send message packets to Marge and vice versa are placed before the drop rule. New rules are automatically appended to the rule list. Rules can be moved at anytime using the arrows in the UI. When a rule is moved the changes take effect immediately.

Known Issues

  • Selectable components are only loaded when the plugin is initialized. If you add a component (AIM Transport etc..), it won't appear in the rule form until the server or plugin is restarted.
  • 2.0 will delete all your 1.0 rules.
  • Clustering - I haven't tested this plugin in a cluster. I've added some support for it so that rules *should* be synced across all nodes but I haven't tested it. 2.1 will contain more clustering goodness.