
IP To IP file transfer control... through Packet Filter plugin?

Greetings all,

I have a question:

Has anyone here ever successfully configured Openfire (3.8.2+) to filter IP to IP file transfer?

Basically what I’m getting at is that I would like to prevent a user from PRODUCTION from sending files to DEVELOPMENT but still allow them to chat.

My current infrastructure requirements are the following:

Openfire is installed in PROD but is accessible by both PROD/DEV through a firewall rule that opens ports 5222 & 5223 (TLS/SSL).

Users from both environments are able to log in using their LDAP credentials in either zone; the LDAP is also located in the PROD zone, and DEV users access the service through firewall rules.

Now this is all good; HOWEVER, I would like to prevent users from sending files from one zone to the other…

I’ve tried the Packet Filter plugin and I can block a specific user from sending files to another user just fine; however, if I choose “Other JID” and type in specific IP addresses or IP address ranges, it won’t work…

So I’m trying to get the server to prevent sending files from one IP range to another IP range…

Another issue is that if I disable port 7777 on Openfire, Pidgin and/or Spark will still attempt to send a file through port 5222, effectively bypassing the server setting anyway…

Basically there is no means to block a file transfer from one zone to the other without completely blocking file transfers for everyone, either through the Client Management plugin or Packet Filter…
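
The check the post asks for, as an added example that is not part of the original post and is not Openfire or Packet Filter plugin code: a stand-alone sketch that rejects file transfer stanzas (stream initiation, SOCKS5 bytestreams, and the in-band bytestreams that travel over port 5222) only when sender and recipient sit in different IP zones, and leaves chat alone. The zone ranges, the JID-to-IP session table and the sample stanzas are constructed assumptions; a real deployment would take the IP from the server's session for each JID.

```python
import ipaddress
import xml.etree.ElementTree as ET

# XEP-0095/0096 stream initiation, XEP-0065 SOCKS5 and XEP-0047 in-band bytestreams
TRANSFER_NS = {
    "http://jabber.org/protocol/si",
    "http://jabber.org/protocol/bytestreams",
    "http://jabber.org/protocol/ibb",
}
# Constructed zone ranges and JID-to-session-IP table (assumptions, not from the post)
ZONES = {"PROD": ipaddress.ip_network("10.10.0.0/16"),
         "DEV": ipaddress.ip_network("10.20.0.0/16")}
SESSIONS = {"alice@example.org": "10.10.4.7",   # PROD
            "carol@example.org": "10.10.8.2",   # PROD
            "bob@example.org": "10.20.1.9"}     # DEV

def zone_of(jid):
    """Zone of the IP behind a JID's session, or None when unknown."""
    ip = SESSIONS.get(jid.split("/", 1)[0])
    if ip is None:
        return None
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def is_file_transfer(stanza):
    """True when a direct child element belongs to a transfer namespace."""
    return any(c.tag.startswith("{") and c.tag[1:].split("}", 1)[0] in TRANSFER_NS
               for c in stanza)

def decide(xml_text):
    """'reject' a cross-zone file transfer stanza, 'allow' everything else."""
    stanza = ET.fromstring(xml_text)
    if not is_file_transfer(stanza):
        return "allow"  # chat, presence and roster traffic stays untouched
    src, dst = zone_of(stanza.get("from", "")), zone_of(stanza.get("to", ""))
    # Fail closed: an unmapped address counts as cross-zone
    return "allow" if src is not None and src == dst else "reject"

# Constructed stanzas: chat, an in-band (port 5222) transfer open, same-zone offer
CHAT = ("<message from='alice@example.org/pc' to='bob@example.org/pc' type='chat'>"
        "<body>hi</body></message>")
IBB_OPEN = ("<iq from='alice@example.org/pc' to='bob@example.org/pc' type='set' id='o1'>"
            "<open xmlns='http://jabber.org/protocol/ibb' sid='s1' block-size='4096'/></iq>")
SI_SAME_ZONE = ("<iq from='alice@example.org/pc' to='carol@example.org/pc' type='set' id='o2'>"
                "<si xmlns='http://jabber.org/protocol/si' id='s2'/></iq>")

if __name__ == "__main__":
    for s in (CHAT, IBB_OPEN, SI_SAME_ZONE):
        print(decide(s))
```

Because the decision keys on the stanza namespace rather than on port 7777, the in-band fallback over 5222 is covered by the same rule.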