Generate config into domtool work directory and copy later
authorClinton Ebadi <clinton@unknownlamer.org>
Fri, 7 Dec 2012 15:28:08 +0000 (10:28 -0500)
committerClinton Ebadi <clinton@unknownlamer.org>
Fri, 7 Dec 2012 15:28:08 +0000 (10:28 -0500)
Also update paths in the config to where the live files are

configDefault/firewall.cfg
scripts/domtool-publish

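--- a/configDefault/firewall.cfg
+++ b/configDefault/firewall.cfg
@@ -1,9 +1,9 @@
 (* -*- sml -*- *)
 structure Firewall :> FIREWALL_CONFIG = struct
 
-val firewallRules = "/home/clinton/misc/hcoop/firewall/user.rules"
-val firewallDir = "/home/clinton/misc/hcoop/firewall/output"
-val firewallNodes = ["bog"]
+val firewallRules = "/afs/hcoop.net/etc/domtool/firewall/user.rules"
+val firewallDir = "/var/domtool/firewall/"
+val firewallNodes = ["navajos"]
 
 val reload = "/usr/bin/sudo /usr/local/sbin/domtool-publish firewall"
 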
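--- a/scripts/domtool-publish
+++ b/scripts/domtool-publish
@@ -79,6 +79,11 @@ case $1 in
                 /etc/init.d/apache2 reload
          ;;
          firewall)
+              # Ideally this would check if the config worked first
+              # (ferm failing just uses the previous config at
+              # least). Does it need to chown/chmod the generated
+              # rules?
+              /bin/cp /var/domtool/firewall/{user_chains.conf,users_tcp_in.conf,users_tcp_out.conf} /etc/ferm/
                /etc/init.d/ferm reload
         ;;
         *)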
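Review bot: The exit status of the added `/bin/cp` in the `firewall)` branch is ignored, so a failed or partial copy is still followed by `ferm reload` on a mix of old and new rule files, and firewall.cfg invokes this script through sudo, so it runs as root. On the chown/chmod question in the comment: installing each file with an explicit owner and mode removes the dependence on whatever the generator left behind, and refusing symlinks or non-regular files keeps anyone who can write to /var/domtool/firewall from having root copy some other file into /etc/ferm. A per-file loop also avoids relying on `{a,b,c}` brace expansion, which only works under bash; the interpreter line is outside this hunk, so that should be confirmed. The source directory duplicates `firewallDir` from configDefault/firewall.cfg, so a comment such as `# must match firewallDir in firewall.cfg` would keep the two in sync. The `case` statement starts and ends outside the hunk.

```shell
# … unchanged: comment block above the copy …
src=/var/domtool/firewall   # must match firewallDir in firewall.cfg
for f in user_chains.conf users_tcp_in.conf users_tcp_out.conf; do
        # Generated by a less-privileged process; only accept plain files.
        if [ -L "$src/$f" ] || [ ! -f "$src/$f" ]; then
                echo "domtool-publish: $src/$f is not a regular file" >&2
                exit 1
        fi
        /usr/bin/install -o root -g root -m 0644 "$src/$f" "/etc/ferm/$f" || exit 1
done
/etc/init.d/ferm reload
```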