+ apache-fixperms)
+ /bin/chown -R domtool:nogroup /var/log/apache2/user
+ ;;
+ apache1.3-fixperms)
+ /bin/chown -R domtool:nogroup /var/log/apache/user
+ ;;
+ users)
+ /bin/cp /var/domtool/waklog.conf /etc/apache2/
+ /etc/init.d/apache2 reload
+ ;;
+ firewall)
+ # Ideally this would check if the config worked first
+ # (ferm failing just uses the previous config at
+ # least). Does it need to chown/chmod the generated
+ # rules?
+ /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
+ /etc/init.d/ferm reload
+ ;;
+ firewallpuppet)
+ # new firewall publishing method that integrates with puppet (sort of)
+ /bin/cp /var/domtool/firewall/*.conf /etc/ferm/
+ if [ ! -d /etc/puppetlabs ]; then
+ # legacy node
+ /etc/init.d/ferm reload
+ exit
+ fi
+ if ( /usr/sbin/ferm --noexec /etc/ferm/ferm.conf ); then
+ for chain in FERM-INPUT FERM-OUTPUT; do
+ /sbin/iptables -F $chain
+ /sbin/ip6tables -F $chain
+
+ /usr/sbin/ferm --domain ip --noexec --lines /etc/ferm/ferm.conf | iptables-restore --noflush
+ /usr/sbin/ferm --domain ip6 --noexec --lines /etc/ferm/ferm.conf | ip6tables-restore --noflush
+ done
+ else
+ echo "firewall: ferm failed, aborting regeneration."
+ fi
+ ;;
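Review bot: In the `firewallpuppet` arm the two `ferm --lines | iptables-restore --noflush` pipelines sit inside the `for chain` loop and their exit status is never checked, so the full ruleset is loaded once per flushed chain and a failed load leaves FERM-INPUT/FERM-OUTPUT flushed with no error reported; whether an empty chain passes or drops traffic depends on the base rules, which are not visible here. I would close the loop after the two `-F` lines, run each restore once, and exit non-zero with the message on stderr, both on a failed load and in the existing `else` branch. Two related gaps: the `cp` into /etc/ferm/ runs before `ferm --noexec` validates, so a rejected config stays in place for the next reload (the comment in the `firewall` arm already asks for a check first), and `iptables-restore`/`ip6tables-restore` are the only commands here resolved through PATH rather than by absolute path. The enclosing `case` statement starts and ends outside the visible lines.

```shell
if ( /usr/sbin/ferm --noexec /etc/ferm/ferm.conf ); then
    # … unchanged: for-loop flushing FERM-INPUT and FERM-OUTPUT, now closed with `done` before the restores …
    # Load the ruleset once, after both chains are flushed, and record a failed load.
    rc=0
    /usr/sbin/ferm --domain ip --noexec --lines /etc/ferm/ferm.conf | iptables-restore --noflush || rc=1
    /usr/sbin/ferm --domain ip6 --noexec --lines /etc/ferm/ferm.conf | ip6tables-restore --noflush || rc=1
    if [ "$rc" -ne 0 ]; then
        echo "firewall: rule load failed, FERM chains may be incomplete." >&2
        exit 1
    fi
else
    echo "firewall: ferm failed, aborting regeneration." >&2
    exit 1
fi
```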