summaryrefslogtreecommitdiffstats
path: root/usr/local/www/firewall_virtual_ip_edit.php
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2014-11-10 14:34:35 +0100
committerErmal <eri@pfsense.org>2014-11-10 14:34:35 +0100
commit9c97df267fd4f3c6c638466a54482e3d2c1b2986 (patch)
tree2e484e98577e4e1b90a721d09160f4ba882d7507 /usr/local/www/firewall_virtual_ip_edit.php
parent80be089f050f0f27398a2f35ff5d48f43c7cfa3f (diff)
downloadpfsense-9c97df267fd4f3c6c638466a54482e3d2c1b2986.zip
pfsense-9c97df267fd4f3c6c638466a54482e3d2c1b2986.tar.gz
Ticket #3967. Allow to have carp as parent of ipaliases
Diffstat (limited to 'usr/local/www/firewall_virtual_ip_edit.php')
-rw-r--r--usr/local/www/firewall_virtual_ip_edit.php40
1 files changed, 35 insertions, 5 deletions
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index d03c39f..74c035d 100644
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -166,7 +166,8 @@ if ($_POST) {
/* make sure new ip is within the subnet of a valid ip
* on one of our interfaces (wan, lan optX)
*/
- if ($_POST['mode'] == 'carp') {
+ switch ($_POST['mode']) {
+ case 'carp':
/* verify against reusage of vhids */
$idtracker = 0;
foreach($config['virtualip']['vip'] as $vip) {
@@ -187,10 +188,36 @@ if ($_POST) {
$subnet = gen_subnetv6($parent_ip, $parent_sn);
}
- if ($_POST['interface'] == "lo0")
+ if ($_POST['interface'] == 'lo0')
$input_errors[] = gettext("For this type of vip localhost is not allowed.");
- } else if ($_POST['mode'] != 'ipalias' && $_POST['interface'] == "lo0")
- $input_errors[] = gettext("For this type of vip localhost is not allowed.");
+ else if (strpos($_POST['interface'], '_vip'))
+ $input_errors[] = gettext("For this type of vip a carp parent is not allowed.");
+ break;
+ case 'ipalias':
+ if (strstr($_POST['interface'], "_vip")) {
+ if (is_ipaddrv4($_POST['subnet'])) {
+ $parent_ip = get_interface_ip($_POST['interface']);
+ $parent_sn = get_interface_subnet($_POST['interface']);
+ $subnet = gen_subnet($parent_ip, $parent_sn);
+ } else if (is_ipaddrv6($_POST['subnet'])) {
+ $parent_ip = get_interface_ipv6($_POST['interface']);
+ $parent_sn = get_interface_subnetv6($_POST['interface']);
+ $subnet = gen_subnetv6($parent_ip, $parent_sn);
+ }
+ if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") &&
+ !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
+ $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ;
+ $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find);
+ }
+ }
+ break;
+ default:
+ if ($_POST['interface'] == 'lo0')
+ $input_errors[] = gettext("For this type of vip localhost is not allowed.");
+ else if (strpos($_POST['interface'], '_vip'))
+ $input_errors[] = gettext("For this type of vip a carp parent is not allowed.");
+ break;
+ }
if (!$input_errors) {
$vipent = array();
@@ -370,7 +397,10 @@ function typesel_change() {
<select name="interface" class="formselect">
<?php
$interfaces = get_configured_interface_with_descr(false, true);
- $interfaces['lo0'] = "Localhost";
+ $carplist = get_configured_carp_interface_list();
+ foreach ($carplist as $cif => $carpip)
+ $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')';
+ $interfaces['lo0'] = 'Localhost';
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
<?=htmlspecialchars($ifacename);?>
OpenPOWER on IntegriCloud