From 0d3fb301bcae781d585bdecf534ed18769d91bce Mon Sep 17 00:00:00 2001
From: Clinton Ebadi
Date: Fri, 7 Dec 2012 10:28:08 -0500
Subject: [PATCH] Generate config into domtool work directory and copy later

Also update paths in the config to where the live files are
---
 configDefault/firewall.cfg | 6 +++---
 scripts/domtool-publish | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/configDefault/firewall.cfg b/configDefault/firewall.cfg
index b2d5179..b067fb5 100644
--- a/configDefault/firewall.cfg
+++ b/configDefault/firewall.cfg
@@ -1,9 +1,9 @@
 (* -*- sml -*- *)
 structure Firewall :> FIREWALL_CONFIG = struct
-val firewallRules = "/home/clinton/misc/hcoop/firewall/user.rules"
-val firewallDir = "/home/clinton/misc/hcoop/firewall/output"
-val firewallNodes = ["bog"]
+val firewallRules = "/afs/hcoop.net/etc/domtool/firewall/user.rules"
+val firewallDir = "/var/domtool/firewall/"
+val firewallNodes = ["navajos"]
 val reload = "/usr/bin/sudo /usr/local/sbin/domtool-publish firewall"
diff --git a/scripts/domtool-publish b/scripts/domtool-publish
index b9f6ffc..811c464 100755
--- a/scripts/domtool-publish
+++ b/scripts/domtool-publish
@@ -79,6 +79,11 @@ case $1 in
 /etc/init.d/apache2 reload
 ;;
 firewall)
+ # Ideally this would check if the config worked first
+ # (ferm failing just uses the previous config at
+ # least). Does it need to chown/chmod the generated
+ # rules?
+ /bin/cp /var/domtool/firewall/{user_chains.conf,users_tcp_in.conf,users_tcp_out.conf} /etc/ferm/
 /etc/init.d/ferm reload
 ;;
 *)
--
2.20.1
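Review bot: `firewallDir` now has to agree with the source directory that scripts/domtool-publish hard-codes in its `/bin/cp` line, and nothing in either file records that coupling. A comment on the value would keep the two in step, e.g. `(* must match the directory domtool-publish copies from *)`. The Firewall structure continues past the end of the hunk.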
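Review bot: The added `/bin/cp` in the `firewall)` branch ignores its exit status, so a failed or partial copy is still followed by `/etc/init.d/ferm reload` against a mixed set of old and new files; appending `|| exit 1` to that line would stop before the reload. firewall.cfg invokes this script through sudo, so presumably it runs as root and whatever sits in /var/domtool/firewall/ becomes root-loaded ferm configuration: the directory should be writable only by the domtool daemon account, and because plain cp follows symlinks the three sources are worth checking as regular files first. On the chown/chmod question in the new comment, cp leaves an existing destination's owner and mode untouched and creates new files under the caller's umask, so `install -o root -g root -m 0644` in place of cp would make both explicit. The `{a,b,c}` brace expansion needs bash, and the shebang is outside the hunk, as are the start and end of the `case` block.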