HCoop / hcoop / domtool2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use jump instead of goto in firewall
[hcoop/domtool2.git] / src / plugins / firewall.sml
diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml
index f6ede4c..9fd64f9 100644 (file)
--- a/src/plugins/firewall.sml
+++ b/src/plugins/firewall.sml
@@ -71,7 +71,10 @@ fun parseRules () =
                        confLine_in (node, uname, String.concat ["dport ", parsePorts ports, parseHosts "saddr" hosts, " ACCEPT;"])
                      | ["ProxiedServer", ports] =>
                        (* should this also allow access on lo? fixme: open output ports on apache node *)
                        confLine_in (node, uname, String.concat ["dport ", parsePorts ports, parseHosts "saddr" hosts, " ACCEPT;"])
                      | ["ProxiedServer", ports] =>
                        (* should this also allow access on lo? fixme: open output ports on apache node *)
-                       confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"])
+                       (confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"]);
+                        (* Warning: duplicates code of Client case *)
+                        List.map (fn (node, _) => confLine_out (node, uname, String.concat ["dport ", parsePorts ports, Domain.nodeIp node, " ACCEPT;"] )) 
+                                 Config.Apache.webNodes_all; ())
                      | ["LocalServer", ports] =>
                        confLine_in (node, uname, String.concat ["saddr 127.0.0.1/8 dport ", parsePorts ports, " ACCEPT;"])
                      | _ => print "Invalid config line\n";
                      | ["LocalServer", ports] =>
                        confLine_in (node, uname, String.concat ["saddr 127.0.0.1/8 dport ", parsePorts ports, " ACCEPT;"])
                      | _ => print "Invalid config line\n";
@@ -114,7 +117,7 @@ fun generateFirewallConfig {server_rules, client_rules} =
                                   TextIO.output (outf, String.concat
                                                            ["mod owner uid-owner ",
                                                             Int.toString uid,
                                   TextIO.output (outf, String.concat
                                                            ["mod owner uid-owner ",
                                                             Int.toString uid,
-                                                            " { goto user_",
+                                                            " { jump user_",
                                                             uname,
                                                             suffix,
                                                             "; DROP; }\n"]);
                                                             uname,
                                                             suffix,
                                                             "; DROP; }\n"]);
Unnamed repository; edit this file to name it for gitweb.