author | Chris Buechler <cmb@pfsense.org> | 2016-04-25 23:00:48 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2016-04-25 23:00:48 -0500 |
commit | 776b6190d2f98825e93ddc320c3e99f24ce5b08f (patch) | |
tree | 8eae47fdba4d72f5e8aec77cb54c68195026763e | |
parent | d5ba66fa00927f3af8a5b508ed0e309848a4d1ca (diff) | |
Add validation to prohibit IPv6 on firewall_nat_edit.php, where it will generate an invalid ruleset. Ticket #6265
-rw-r--r-- | src/usr/local/www/firewall_nat_edit.php | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php
index 3a77963..e36e33b 100644
--- a/src/usr/local/www/firewall_nat_edit.php
+++ b/src/usr/local/www/firewall_nat_edit.php
@@ -289,6 +289,10 @@ if ($_POST) {
 $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
 }
+ if ($_POST['localip'] && is_ipaddrv6($_POST['localip'])) {
+ $input_errors[] = sprintf(gettext("Redirect target IP must be IPv4."));
+ }
+
 if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
 $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
 }
@@ -316,6 +320,9 @@ if ($_POST) {
 if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
 $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
 }
+ if ($_POST['src'] && is_ipaddrv6($_POST['src'])) {
+ $input_errors[] = sprintf(gettext("Source must be IPv4."));
+ }
 if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
 $input_errors[] = gettext("A valid source bit count must be specified.");
 }
@@ -325,6 +332,9 @@ if ($_POST) {
 if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
 $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
 }
+ if ($_POST['dst'] && is_ipaddrv6($_POST['dst'])) {
+ $input_errors[] = sprintf(gettext("Destination must be IPv4."));
+ }
 if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
 $input_errors[] = gettext("A valid destination bit count must be specified.");
 }
@@ -597,6 +607,9 @@ function build_dsttype_list() {
 if (is_array($config['virtualip']['vip'])) {
 foreach ($config['virtualip']['vip'] as $sn) {
+ if (is_ipaddrv6($sn['subnet'])) {
+ continue;
+ }
 if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
 if (isset($sn['noexpand'])) {
 continue; |
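Review bot: The three new `is_ipaddrv6()` checks (on `localip` in this hunk, and on `src` and `dst` in the next two hunks) appear to reject only a literal IPv6 address, while the neighbouring validation accepts aliases (`is_ipaddroralias()`, and the "host alias" wording of the localip error), so an alias whose entries are IPv6 would presumably still pass and reach the generated ruleset. If that is out of scope for this ticket, say so next to the first check, e.g. `// Only literal IPv6 is rejected; aliases containing IPv6 entries are not checked here`, and consider resolving the alias before the test in a follow-up. Separately, `sprintf(gettext("Redirect target IP must be IPv4."))` passes no arguments, so a `%` in a translated string would be treated as a format specifier; `$input_errors[] = gettext("Redirect target IP must be IPv4.");` is enough, which is how the srcmask and dstmask messages are already written. The enclosing `if ($_POST)` block starts and ends outside the hunk.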
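Review bot: The new `continue` at the top of the `foreach` in build_dsttype_list() has no comment explaining why IPv6 virtual IPs are left out of the destination list; I would add `// Port forwards on this page are IPv4-only; an IPv6 VIP would generate an invalid ruleset (ticket #6265)` above the `if`. Note also that this only removes the entries from the form: a submitted `dst` value need not come from this list, so enforcement still rests on the `$_POST['dst']` check added earlier in the file. The function body continues outside the hunk.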