author | Phil Davis <phil.davis@inf.org> | 2015-04-14 09:53:02 +0545 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2015-04-14 10:11:28 -0300 |
commit | 1d4217237ba115c0e5fde144ccfaf66b74b5e56c (patch) | |
tree | dd2227025bb35d2553eec36e4ecb1daa5627e0b9 /usr/local | |
parent | 31a810badfcceec3168829fcea63ae425c80984d (diff) | |
When deleting a VIP check it is not used by OpenVPN
I noticed this when cleaning up VIPs and OpenVPN server when testing for this forum post https://forum.pfsense.org/index.php?topic=92174.0
The system let me delete my test VIP before I deleted the OpenVPN server using it, which is probably not a good thing.
This is a better version of #1604 - the similar loops for server and client are combined, and the error message shows the description (or IP address:port) of the offending OpenVPN instance so the user has a clue about which OpenVPN instance uses the VIP.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/firewall_virtual_ip.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index 67cd55f..dfa2c41 100644
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -108,6 +108,26 @@ if ($_GET['act'] == "del") {
 }
 }
 
+ /* make sure no OpenVPN server or client references this entry */
+ $openvpn_types_a = array("openvpn-server" => gettext("server"), "openvpn-client" => gettext("client"));
+ foreach ($openvpn_types_a as $openvpn_type => $openvpn_type_text) {
+ if (is_array($config['openvpn'][$openvpn_type])) {
+ foreach ($config['openvpn'][$openvpn_type] as $openvpn) {
+ if ($openvpn['ipaddr'] <> "") {
+ if ($openvpn['ipaddr'] == $a_vip[$_GET['id']]['subnet']) {
+ if (strlen($openvpn['description'])) {
+ $openvpn_desc = $openvpn['description'];
+ } else {
+ $openvpn_desc = $openvpn['ipaddr'] . ":" . $openvpn['local_port'];
+ }
+ $input_errors[] = sprintf(gettext("This entry cannot be deleted because it is still referenced by OpenVPN %s %s."), $openvpn_type_text, $openvpn_desc);
+ break;
+ }
+ }
+ }
+ }
+ }
+
 if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) {
 $is_ipv6 = true;
 $subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']); |
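Review bot: The OpenVPN description, address and port are copied from the configuration into the `$input_errors[]` message at the `sprintf(...)` line with no output encoding, so whether markup in a stored description gets rendered depends on how `$input_errors` is printed, which is outside this hunk. If that printing path does not already escape, encode at assignment, e.g. `$openvpn_desc = htmlspecialchars($openvpn['description']);`, and otherwise add a comment such as `/* $openvpn_desc is config text; it is escaped when $input_errors is printed */`. The reference test `$openvpn['ipaddr'] == $a_vip[$_GET['id']]['subnet']` is a plain string comparison, so an IPv6 VIP stored in a different case or zero-compression form than the OpenVPN entry would presumably not match and the delete would go ahead; comparing a normalised form of both addresses would close that gap. The enclosing `if ($_GET['act'] == "del")` block starts and ends outside the hunk.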