From: Clinton Ebadi Date: Fri, 7 Dec 2012 15:28:08 +0000 (-0500) Subject: Generate config into domtool work directory and copy later X-Git-Tag: release_20121207~6 X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/0d3fb301bcae781d585bdecf534ed18769d91bce?ds=sidebyside Generate config into domtool work directory and copy later Also update paths in the config to where the live files are
---
diff --git a/configDefault/firewall.cfg b/configDefault/firewall.cfg
index b2d5179..b067fb5 100644
--- a/configDefault/firewall.cfg
+++ b/configDefault/firewall.cfg
@@ -1,9 +1,9 @@
 (* -*- sml -*- *)
 structure Firewall :> FIREWALL_CONFIG = struct
-val firewallRules = "/home/clinton/misc/hcoop/firewall/user.rules"
-val firewallDir = "/home/clinton/misc/hcoop/firewall/output"
-val firewallNodes = ["bog"]
+val firewallRules = "/afs/hcoop.net/etc/domtool/firewall/user.rules"
+val firewallDir = "/var/domtool/firewall/"
+val firewallNodes = ["navajos"]
 val reload = "/usr/bin/sudo /usr/local/sbin/domtool-publish firewall"
diff --git a/scripts/domtool-publish b/scripts/domtool-publish
index b9f6ffc..811c464 100755
--- a/scripts/domtool-publish
+++ b/scripts/domtool-publish
@@ -79,6 +79,11 @@ case $1 in
 /etc/init.d/apache2 reload
 ;;
 firewall)
+ # Ideally this would check if the config worked first
+ # (ferm failing just uses the previous config at
+ # least). Does it need to chown/chmod the generated
+ # rules?
+ /bin/cp /var/domtool/firewall/{user_chains.conf,users_tcp_in.conf,users_tcp_out.conf} /etc/ferm/
 /etc/init.d/ferm reload
 ;;
 *)
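Review bot: The `/bin/cp` line added to the `firewall)` branch is unchecked, so `/etc/init.d/ferm reload` still runs after a failed or partial copy and can load a mix of old and new rule files. The `{user_chains.conf,...}` brace list is only expanded by bash, so if the script's shebang (outside this hunk) is `/bin/sh`, the copy fails on a literal filename. Because `firewall.cfg` invokes this script through sudo, files that domtool generates in `/var/domtool/firewall/` (presumably as an unprivileged user, to be confirmed) become root-loaded firewall config. Plain `cp` leaves ownership and mode to whatever already exists in `/etc/ferm/` or to the umask, which is the open question in the added comment. Naming each file and using `/usr/bin/install -o root -g root -m 0644 <the three .conf paths> /etc/ferm/ && /etc/init.d/ferm reload` would address both points; the `case` statement begins and ends outside the hunk.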