+
+ fun write_tcp_in_conf (rules, outf, suffix) =
+ (* Lame hack: can't use iptables to restrict port binding,
+ punting on SELinux &c for now and just opening every
+ port any user requests *)
+
+ let
+ in
+ TextIO.output (outf, String.concat ["@def $WEBNODES = (",
+ (String.concatWith ", " (List.map (fn (_, ip) => ip)
+ (List.filter (fn (node, _) => List.exists (fn (n) => n = node) (List.map (fn (node, _) => node) (Config.Apache.webNodes_all @ Config.Apache.webNodes_admin)))
+ Config.nodeIps))),
+ ");\n\n"]);
+ StringMap.appi (fn (uname, rules) =>
+ let
+ val uid = SysWord.toInt (Posix.ProcEnv.uidToWord (Posix.SysDB.Passwd.uid (Posix.SysDB.getpwnam uname)))
+ val lines = filter_node_rules rules
+ in
+ TextIO.output (outf,
+ String.concat ("proto tcp {\n"
+ :: lines
+ @ ["}\n\n"]))
+ end handle OS.SysErr _ => print "Invalid user in firewall config, skipping.\n")
+ rules
+ end
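Review bot: The `val uid` binding at `SysWord.toInt (Posix.ProcEnv.uidToWord (Posix.SysDB.Passwd.uid (Posix.SysDB.getpwnam uname)))` is never used in the emitted output; the lookup only matters because `getpwnam` raises `OS.SysErr` for an unknown user, which the handler turns into a skip. That is an implicit existence check that a later cleanup could remove as dead code, so it should be named as such, e.g. `(* getpwnam is called only to confirm uname is a real account; the uid itself is unused *)`. The handler also catches every `OS.SysErr`, not just "user not found", and reports to stdout without saying which user was dropped; `TextIO.output (TextIO.stdErr, "Invalid user " ^ uname ^ " in firewall config, skipping.\n")` would make a silently missing rule block diagnosable. Separately, `lines` from `filter_node_rules rules` are spliced verbatim between `proto tcp {` and `}`; unless `filter_node_rules` rejects lines containing braces or newlines (not visible here), a user-supplied rule could escape its block, so a comment stating where that validation happens would help. The hunk header is outside this excerpt, so the surrounding context of the hunk is not visible.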