From: Clinton Ebadi Date: Tue, 19 Feb 2013 19:29:44 +0000 (-0500) Subject: Fix ProxiedServer firewall rule generation for web node X-Git-Tag: release_20130219 X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/599a99d3b90eb0ba81ba09cca4d69fff45f6eae6?ds=sidebyside Fix ProxiedServer firewall rule generation for web node --- diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml index cb2893b..fe718f1 100644 --- a/src/plugins/firewall.sml +++ b/src/plugins/firewall.sml @@ -1,6 +1,6 @@ (* HCoop Domtool (http://hcoop.sourceforge.net/) * Copyright (c) 2006-2007, Adam Chlipala - * Copyright (c) 2011 Clinton Ebadi + * Copyright (c) 2011,2012,2013 Clinton Ebadi * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -70,10 +70,10 @@ fun parseRules () = | "Server" :: ports :: hosts => confLine_in (node, uname, String.concat ["dport ", parsePorts ports, parseHosts "saddr" hosts, " ACCEPT;"]) | ["ProxiedServer", ports] => - (* should this also allow access on lo? fixme: open output ports on apache node *) + (* should this also allow access on lo? *) (confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"]); (* Warning: duplicates code of Client case *) - List.map (fn (node, _) => confLine_out (node, uname, String.concat ["dport ", parsePorts ports, Domain.nodeIp node, " ACCEPT;"] )) + List.map (fn (wnode, _) => confLine_out (wnode, uname, String.concat ["dport ", parsePorts ports, " daddr ", Domain.nodeIp node, " ACCEPT;"] )) Config.Apache.webNodes_all; ()) | ["LocalServer", ports] => confLine_in (node, uname, String.concat ["saddr 127.0.0.1/8 dport ", parsePorts ports, " ACCEPT;"])
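Review bot: In the ProxiedServer case the ingress rule trusts the ferm variable `$WEBNODES`, while the new egress rules are generated by iterating `Config.Apache.webNodes_all`, and nothing visible in this hunk ties the two sets together. If they ever differ, the server node would presumably accept these ports from a web node that has no matching egress rule for `uname`, leaving only that host's default output policy as the restriction; a comment such as `(* $WEBNODES must list exactly the nodes in Config.Apache.webNodes_all *)` above the `confLine_in` call would record the invariant. The corrected `List.map` line also works only because the lambda now binds `wnode` and leaves the outer `node` visible, which deserves a short note like `(* wnode: web node getting the egress rule; node: proxied server, used as daddr *)` so the shadowing is not reintroduced. Since the resulting list is discarded, `List.app` would state the intent better than `List.map`, assuming `confLine_out` returns unit. parseRules begins and ends outside the hunk.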