From: Clinton Ebadi
Date: Fri, 20 Apr 2018 02:23:27 +0000 (-0400)
Subject: firewall: fix generation of outgoing rules on webserver
X-Git-Tag: release_20180419-1
X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/1350d8bc30445a41e60f55b94a92a08984026a30?ds=sidebyside
firewall: fix generation of outgoing rules on webserver
Was not concatenating domain suffix and was filtered out.
---
diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml
index bb58a84..1131f20 100644
--- a/src/plugins/firewall.sml
+++ b/src/plugins/firewall.sml
@@ -158,19 +158,23 @@ fun generateNodeFermRules rules =
 fun confLine_out_v6 (uname, rule) = confLine outputLines_v6 (uname, formatOutputRule (rule, FwIPv6))
 fun insertConfLine (uname, ruleNode, rule) =
- case rule of
- Client (ports, hosts) => (confLine_out (uname, rule); confLine_out_v6 (uname, rule))
- | Server (ports, hosts) => (confLine_in (uname, rule); confLine_in_v6 (uname, rule))
- | LocalServer ports => (insertConfLine (uname, ruleNode, Client (ports, ["127.0.0.1/8"]));
- insertConfLine (uname, ruleNode, Server (ports, ["127.0.0.1/8"]));
- insertConfLine (uname, ruleNode, Client (ports, [":::1"]));
- insertConfLine (uname, ruleNode, Server (ports, [":::1"])))
- | ProxiedServer ports => if (fn FirewallNode r => r) ruleNode = Slave.hostname () then
- (insertConfLine (uname, ruleNode, Server (ports, ["$WEBNODES"]));
- insertConfLine (uname, ruleNode, Client (ports, [(fn FirewallNode r => r ^ "." ^ Config.defaultDomain) ruleNode])))
- else (* we are a web server *)
- (insertConfLine (uname, ruleNode, Client (ports, [(fn FirewallNode r => r ^ "." ^ Config.defaultDomain) ruleNode]));
- insertConfLine (User "www-data", ruleNode, Client (ports, [(fn FirewallNode r => r) ruleNode])))
+ let
+ val fwnode_domain = fn FirewallNode node => node ^ "." 
^ Config.defaultDomain
+ in
+ case rule of
+ Client (ports, hosts) => (confLine_out (uname, rule); confLine_out_v6 (uname, rule))
+ | Server (ports, hosts) => (confLine_in (uname, rule); confLine_in_v6 (uname, rule))
+ | LocalServer ports => (insertConfLine (uname, ruleNode, Client (ports, ["127.0.0.1/8"]));
+ insertConfLine (uname, ruleNode, Server (ports, ["127.0.0.1/8"]));
+ insertConfLine (uname, ruleNode, Client (ports, [":::1"]));
+ insertConfLine (uname, ruleNode, Server (ports, [":::1"])))
+ | ProxiedServer ports => if (fn FirewallNode r => r) ruleNode = Slave.hostname () then
+ (insertConfLine (uname, ruleNode, Server (ports, ["$WEBNODES"]));
+ insertConfLine (uname, ruleNode, Client (ports, [fwnode_domain ruleNode])))
+ else (* we are a web server *)
+ (insertConfLine (uname, ruleNode, Client (ports, [fwnode_domain ruleNode]));
+ insertConfLine (User "www-data", ruleNode, Client (ports, [fwnode_domain ruleNode])))
+ end
 val _ = map insertConfLine (filter_node_rules rules)
 in
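Review bot: `fwnode_domain` on the added `val` line depends only on `Config.defaultDomain`, not on the arguments, yet it is rebuilt as a fresh closure on every call of the recursive `insertConfLine`; defining it once beside `confLine_out_v6` in the enclosing `generateNodeFermRules`, e.g. `fun fwnodeDomain (FirewallNode node) = node ^ "." ^ Config.defaultDomain`, would also let the hostname test on the `ProxiedServer` line drop its inline `(fn FirewallNode r => r)` in favour of the same named-projection style. The `ProxiedServer` arm is the only non-obvious expansion and carries no comment beyond `(* we are a web server *)`; a short comment above the `case` stating that on the node named by `ruleNode` it accepts from `$WEBNODES` and allows that node to reach its own FQDN, while on every other node it lets `uname` and `www-data` reach that FQDN, would record the intent the commit message only hints at. If `FirewallNode` is not the sole constructor of its type, the single-pattern `fn` raises `Match` instead of reporting a malformed rule — this cannot be confirmed from the hunk. `generateNodeFermRules` begins before the hunk and continues after it.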