| (_, NONE) => false
end
+fun fermVariable x = String.isPrefix "$" x
fun filterHosts (hosts, ipv6) =
- List.filter (fn host => if (Domain.validIpv6 host orelse Domain.validIp host)
- then
- true
- else
- dnsExists ipv6 host)
+ List.filter (fn host => fermVariable host
+ orelse (case ipv6 of FwIPv6 => Domain.validIpv6 host
+ | FwIPv4 => Domain.validIp host)
+ orelse dnsExists ipv6 host)
hosts
case rule of
Client (ports, hosts) => (confLine_out (uname, rule); confLine_out_v6 (uname, rule))
| Server (ports, hosts) => (confLine_in (uname, rule); confLine_in_v6 (uname, rule))
- | LocalServer ports => (insertConfLine (uname, ruleNode, Client (ports, ["127.0.0.1/8", ":::1"]));
- insertConfLine (uname, ruleNode, Server (ports, ["127.0.0.1/8", ":::1"])))
+ | LocalServer ports => (insertConfLine (uname, ruleNode, Client (ports, ["127.0.0.1/8"]));
+ insertConfLine (uname, ruleNode, Server (ports, ["127.0.0.1/8"]));
+ insertConfLine (uname, ruleNode, Client (ports, [":::1"]));
+ insertConfLine (uname, ruleNode, Server (ports, [":::1"])))
| ProxiedServer ports => if (fn FirewallNode r => r) ruleNode = Slave.hostname () then
(insertConfLine (uname, ruleNode, Server (ports, ["$WEBNODES"]));
- insertConfLine (uname, ruleNode, Client (ports, [(fn FirewallNode r => r) ruleNode])))
+ insertConfLine (uname, ruleNode, Client (ports, [(fn FirewallNode r => r ^ "." ^ Config.defaultDomain) ruleNode])))
else (* we are a web server *)
- (insertConfLine (uname, ruleNode, Client (ports, [(fn FirewallNode r => r) ruleNode]));
+ (insertConfLine (uname, ruleNode, Client (ports, [(fn FirewallNode r => r ^ "." ^ Config.defaultDomain) ruleNode]));
insertConfLine (User "www-data", ruleNode, Client (ports, [(fn FirewallNode r => r) ruleNode])))
val _ = map insertConfLine (filter_node_rules rules)