Seems that in 4.0.2 the "Server to Server Settings" (connection-settings-socket-s2s.jsp) code does not handle at all the global permission mode for blacklist/whitelist . It does not handle the "permissionFilter" attribute which when changed should result in calling the RemoteServerManager.setPermissionPolicy(String policy) method.
As a workarround, the administrator must manually add the property "xmpp.server.permission" with a value of "whitelist" or "blacklist"