confLine_in (node, uname, String.concat ["dport ", parsePorts ports, parseHosts "saddr" hosts, " ACCEPT;"])
| ["ProxiedServer", ports] =>
(* should this also allow access on lo? fixme: open output ports on apache node *)
- confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"])
+ (confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"]);
+ (* Warning: duplicates code of Client case *)
+ List.map (fn (node, _) => confLine_out (node, uname, String.concat ["dport ", parsePorts ports, Domain.nodeIp node, " ACCEPT;"] ))
+ Config.Apache.webNodes_all; ())
| ["LocalServer", ports] =>
confLine_in (node, uname, String.concat ["saddr 127.0.0.1/8 dport ", parsePorts ports, " ACCEPT;"])
| _ => print "Invalid config line\n";
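Review bot: In the added `confLine_out` line of the `ProxiedServer` arm, the rule text puts `Domain.nodeIp node` straight after `parsePorts ports` with no address keyword, and the lambda's `(node, _)` shadows the outer `node`, so the address emitted is the web node's own IP. Judging from the fixme ("open output ports on apache node"), the intent looks like an egress rule on each web node toward the node hosting the proxied server; the output format of `parsePorts` is not visible here, so check the generated line. If that reading is right, rename the lambda parameter and add the keyword, e.g. `List.app (fn (webNode, _) => confLine_out (webNode, uname, String.concat ["dport ", parsePorts ports, " daddr ", Domain.nodeIp node, " ACCEPT;"])) Config.Apache.webNodes_all`. `List.app` also removes the discarded `List.map` result and the trailing `; ()`. The enclosing `case` starts and ends outside this hunk.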
TextIO.output (outf, String.concat
["mod owner uid-owner ",
Int.toString uid,
- " { goto user_",
+ " { jump user_",
uname,
suffix,
"; DROP; }\n"]);
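Review bot: The switch from `goto` to `jump` in the `uid-owner` block is what makes the trailing `DROP` effective, but nothing in the code says so. With iptables goto semantics, a packet that falls off the end of the per-user chain does not return to the calling chain, so the per-user default deny would be skipped. A later edit could easily revert this as cosmetic, so I would add a comment above the string list such as `(* jump, not goto: unmatched packets must return here so the DROP applies *)`. The enclosing function is outside the hunk.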
let
in
TextIO.output (outf, String.concat ["@def $WEBNODES = (",
- (String.concatWith ", " (List.map (fn (_, ip) => ip)
+ (String.concatWith " " (List.map (fn (_, ip) => ip)
(List.filter (fn (node, _) => List.exists (fn (n) => n = node) (List.map (fn (node, _) => node) (Config.Apache.webNodes_all @ Config.Apache.webNodes_admin)))
Config.nodeIps))),
");\n\n"]);
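Review bot: `$WEBNODES` is the source-address allowlist behind the `ProxiedServer` ACCEPT rules, so the separator fix on the `String.concatWith` line deserves a short comment, e.g. `(* ferm list elements are whitespace-separated; $WEBNODES is the saddr allowlist for ProxiedServer *)`. Separately, if the filter matches no entry of `Config.nodeIps`, this emits `@def $WEBNODES = ();`. How ferm treats a rule with `saddr` on an empty list should be confirmed, and the generator might better fail loudly in that case. The surrounding `let … in` body continues outside the hunk.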