Open outgoing ports on web nodes for firewall ProxiedServer directive

[hcoop/domtool2.git] / src / plugins / firewall.sml

diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml
index f6ede4c..10e44de 100644 (file)
--- a/src/plugins/firewall.sml
+++ b/src/plugins/firewall.sml
@@ -71,7 +71,10 @@ fun parseRules () =
                        confLine_in (node, uname, String.concat ["dport ", parsePorts ports, parseHosts "saddr" hosts, " ACCEPT;"])
                      | ["ProxiedServer", ports] =>
                        (* should this also allow access on lo? fixme: open output ports on apache node *)
                        confLine_in (node, uname, String.concat ["dport ", parsePorts ports, parseHosts "saddr" hosts, " ACCEPT;"])
                      | ["ProxiedServer", ports] =>
                        (* should this also allow access on lo? fixme: open output ports on apache node *)

-                       confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"])
+                       (confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"]);
+                        (* Warning: duplicates code of Client case *)
+                        List.map (fn (node, _) => confLine_out (node, uname, String.concat ["dport ", parsePorts ports, Domain.nodeIp node, " ACCEPT;"] )) 
+                                 Config.Apache.webNodes_all; ())

                      | ["LocalServer", ports] =>
                        confLine_in (node, uname, String.concat ["saddr 127.0.0.1/8 dport ", parsePorts ports, " ACCEPT;"])
                      | _ => print "Invalid config line\n";
                      | ["LocalServer", ports] =>
                        confLine_in (node, uname, String.concat ["saddr 127.0.0.1/8 dport ", parsePorts ports, " ACCEPT;"])
                      | _ => print "Invalid config line\n";