Prevent "Ignore denied clients" and "Failover Peer IP" from being combined in the DHCP server settings for IPv4. The daemon fails to start when configured in this way, it apparently only allows "allow" or "deny" in failover mode. Fixes #5898

2 files changed, 6 insertions, 2 deletions

diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index 177299b..61dc997 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -793,7 +793,7 @@ EOPP;
 				$dhcpdconf .= "		allow members of \"" . str_replace(':', '', $mac) . "\";\n";
 			}
 			$deny_action = "deny";
-			if (isset($poolconf['nonak'])) {
+			if (isset($poolconf['nonak']) && empty($poolconf['failover_peerip'])) {
 				$deny_action = "ignore";
 			}
 			$mac_deny_list = array_unique(explode(',', $poolconf['mac_deny']));
diff --git a/src/usr/local/www/services_dhcp.php b/src/usr/local/www/services_dhcp.php
index f5dc6e4..f477320 100644
--- a/src/usr/local/www/services_dhcp.php
+++ b/src/usr/local/www/services_dhcp.php
@@ -266,6 +266,10 @@ if (isset($_POST['submit'])) {
 
 		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 
+		if (($_POST['nonak']) && !empty($_POST['failover_peerip'])) {
+			$input_errors[] = gettext("Ignore Denied Clients may not be used when a Failover Peer IP is defined.");
+		}
+
 		if (($_POST['range_from'] && !is_ipaddrv4($_POST['range_from']))) {
 			$input_errors[] = gettext("A valid range must be specified.");
 		}
@@ -803,7 +807,7 @@ $section->addInput(new Form_Checkbox(
 	'Ignore denied clients',
 	'Denied clients will be ignored rather than rejected.',
 	$pconfig['nonak']
-));
+))->setHelp("This option is not compatible with failover and cannot be enabled when a Failover Peer IP address is configured.");
 
 
 if (is_numeric($pool) || ($act == "newpool")) {