firewall: fix generation of outgoing rules on webserver

Was not concatenating domain suffix and was filtered out.

diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml
index bb58a84..1131f20 100644 (file)
--- a/src/plugins/firewall.sml
+++ b/src/plugins/firewall.sml
@@ -158,19 +158,23 @@ fun generateNodeFermRules rules  =
        fun confLine_out_v6 (uname, rule) = confLine outputLines_v6 (uname, formatOutputRule (rule, FwIPv6))
 
        fun insertConfLine (uname, ruleNode, rule) =
        fun confLine_out_v6 (uname, rule) = confLine outputLines_v6 (uname, formatOutputRule (rule, FwIPv6))
 
        fun insertConfLine (uname, ruleNode, rule) =

-           case rule of
-               Client (ports, hosts) => (confLine_out (uname, rule); confLine_out_v6 (uname, rule))
-             | Server (ports, hosts) => (confLine_in (uname, rule); confLine_in_v6 (uname, rule))
-             | LocalServer ports => (insertConfLine (uname, ruleNode, Client (ports, ["127.0.0.1/8"]));
-                                     insertConfLine (uname, ruleNode, Server (ports, ["127.0.0.1/8"]));
-                                     insertConfLine (uname, ruleNode, Client (ports, [":::1"]));
-                                     insertConfLine (uname, ruleNode, Server (ports, [":::1"])))
-             | ProxiedServer ports => if (fn FirewallNode r => r) ruleNode = Slave.hostname () then
-                                          (insertConfLine (uname, ruleNode, Server (ports, ["$WEBNODES"]));
-                                           insertConfLine (uname, ruleNode, Client (ports, [(fn FirewallNode r => r ^ "." ^ Config.defaultDomain) ruleNode])))
-                                      else (* we are a web server *)
-                                          (insertConfLine (uname, ruleNode, Client (ports, [(fn FirewallNode r => r ^ "." ^ Config.defaultDomain) ruleNode]));
-                                           insertConfLine (User "www-data", ruleNode, Client (ports, [(fn FirewallNode r => r) ruleNode])))
+           let
+               val fwnode_domain = fn FirewallNode node => node ^ "." ^ Config.defaultDomain
+           in
+               case rule of
+                   Client (ports, hosts) => (confLine_out (uname, rule); confLine_out_v6 (uname, rule))
+                 | Server (ports, hosts) => (confLine_in (uname, rule); confLine_in_v6 (uname, rule))
+                 | LocalServer ports => (insertConfLine (uname, ruleNode, Client (ports, ["127.0.0.1/8"]));
+                                         insertConfLine (uname, ruleNode, Server (ports, ["127.0.0.1/8"]));
+                                         insertConfLine (uname, ruleNode, Client (ports, [":::1"]));
+                                         insertConfLine (uname, ruleNode, Server (ports, [":::1"])))
+                 | ProxiedServer ports => if (fn FirewallNode r => r) ruleNode = Slave.hostname () then
+                                              (insertConfLine (uname, ruleNode, Server (ports, ["$WEBNODES"]));
+                                               insertConfLine (uname, ruleNode, Client (ports, [fwnode_domain ruleNode])))
+                                          else (* we are a web server *)
+                                              (insertConfLine (uname, ruleNode, Client (ports, [fwnode_domain ruleNode]));
+                                               insertConfLine (User "www-data", ruleNode, Client (ports, [fwnode_domain ruleNode])))
+           end

 
        val _ = map insertConfLine (filter_node_rules rules)
     in
 
        val _ = map insertConfLine (filter_node_rules rules)
     in