diff options
| author | Seth Mos <seth.mos@dds.nl> | 2011-08-24 13:02:34 +0200 |
|---|---|---|
| committer | Seth Mos <seth.mos@dds.nl> | 2011-08-24 13:02:34 +0200 |
| commit | 270a257646cc0038756801b1f06f09a6b40b6e91 (patch) | |
| tree | 58f833402f175e38b8412793dc68e3c30cd4023b /usr/local/www/firewall_rules_edit.php | |
| parent | 9e80d14cab8349d737325e59a1d6eb8f6cc7e0d6 (diff) | |
| download | pfsense-270a257646cc0038756801b1f06f09a6b40b6e91.zip pfsense-270a257646cc0038756801b1f06f09a6b40b6e91.tar.gz | |
Add address family validation, also hide gateways or gateway groups from the gateway list.
Fix Ticket #1659
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
| -rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 8857d8d..f9e2309 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -352,6 +352,10 @@ if ($_POST) { $input_errors[] = gettext("A valid destination bit count must be specified."); } } + if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst'])) { + if(!validate_address_family($_POST['src'], $_POST['dst'])) + $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']); + } if ($_POST['srcbeginport'] > $_POST['srcendport']) { /* swap */ @@ -1266,6 +1270,10 @@ $i--): ?> $gateways = return_gateways_array(); // add statically configured gateways to list foreach($gateways as $gwname => $gw) { + if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6($gw['gateway'])) + continue; + if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4($gw['gateway'])) + continue; if($gw == "") continue; if($gwname == $pconfig['gateway']) { @@ -1278,13 +1286,18 @@ $i--): ?> /* add gateway groups to the list */ if (is_array($config['gateways']['gateway_group'])) { foreach($config['gateways']['gateway_group'] as $gw_group) { + if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6($gw_group[0]['gwip'])) + continue; + if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4($gw_group[0]['gwip'])) + continue; if($gw_group['name'] == "") continue; if($pconfig['gateway'] == $gw_group['name']) { - echo "<option value=\"{$gw_group['name']}\" SELECTED>{$gw_group['name']}</option>\n"; + $selected = " SELECTED"; } else { - echo "<option value=\"{$gw_group['name']}\">{$gw_group['name']}</option>\n"; + $selected = ""; } + echo "<option value=\"{$gw_group['name']}\" $selected>{$gw_group['name']}</option>\n"; } } ?> |
