From f1df2d3f9105e0c304278f87e6e01e68b4b8ef8f Mon Sep 17 00:00:00 2001
From: Clinton Ebadi
Date: Fri, 7 Dec 2012 10:27:02 -0500
Subject: [PATCH 1/1] Open outgoing ports on web nodes for firewall ProxiedServer directive

Opens outgoing ports for user on all user-accessible web nodes, but right now that's just one machine.
---
 src/plugins/firewall.sml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml
index f6ede4c..10e44de 100644
--- a/src/plugins/firewall.sml
+++ b/src/plugins/firewall.sml
@@ -71,7 +71,10 @@ fun parseRules () =
 confLine_in (node, uname, String.concat ["dport ", parsePorts ports, parseHosts "saddr" hosts, " ACCEPT;"])
 | ["ProxiedServer", ports] =>
 (* should this also allow access on lo? fixme: open output ports on apache node *)
- confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"])
+ (confLine_in (node, uname, String.concat ["saddr $WEBNODES dport ", parsePorts ports, " ACCEPT;"]);
+ (* Warning: duplicates code of Client case *)
+ List.map (fn (node, _) => confLine_out (node, uname, String.concat ["dport ", parsePorts ports, Domain.nodeIp node, " ACCEPT;"] ))
+ Config.Apache.webNodes_all; ())
 | ["LocalServer", ports] =>
 confLine_in (node, uname, String.concat ["saddr 127.0.0.1/8 dport ", parsePorts ports, " ACCEPT;"])
 | _ => print "Invalid config line\n";
-- 
2.20.1
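Review bot: In the added `List.map` line the rule text is built as `"dport ", parsePorts ports, Domain.nodeIp node`, so the address follows the port list with no `daddr` keyword or separator, and the lambda's `(node, _)` shadows the outer `node`, which makes the address that of each web node rather than the node carrying the ProxiedServer directive. If the intent is to let the user on a web node reach only the proxied backend, the egress rule would be tighter and unambiguous as `List.app (fn (webNode, _) => confLine_out (webNode, uname, String.concat ["dport ", parsePorts ports, " daddr ", Domain.nodeIp node, " ACCEPT;"])) Config.Apache.webNodes_all`; this assumes `Domain.nodeIp` returns a bare address, which the hunk does not show. `List.app` also avoids building a result list that is thrown away and removes the need for the trailing `; ()`. parseRules starts and ends outside the hunk, so how `confLine_out` and the Client case format destinations should be checked before applying this.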