author | Scott Ullrich <sullrich@pfsense.org> | 2006-04-25 20:48:41 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-04-25 20:48:41 +0000 |
commit | 83b8554f2dccff4eddf046358ddcaa977b190ed1 (patch) | |
tree | 0e336506465b9ef1574f47e0488a8bc6a4d262bf /usr/local | |
parent | 3e32a807b135c7b7bc736fee46cde7999ba1ff66 (diff) | |
MFC 11967
Do not allow the user to shoot themselves in the foot (and the kernel, apparently) by adding a CARP IP to the system if a matching real IP on a real interface doesn't exist.
Tickets:
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/firewall_virtual_ip_edit.php | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index ef69d52..38df821 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -49,6 +49,11 @@ if (isset($_POST['id']))
 else
 $id = $_GET['id'];
+function return_first_three_octets($ip) {
+ $ip_split = split("\.", $ip);
+ return $ip_split[0] . "." . $ip_split[1] . "." . $ip_split[2];
+}
+
 if (isset($id) && $a_vip[$id]) {
 $pconfig['mode'] = $a_vip[$id]['mode'];
 $pconfig['vhid'] = $a_vip[$id]['vhid'];
@@ -103,6 +108,31 @@ if ($_POST) {
 }
 }
+ /* make sure new ip is within the subnet of a valid ip
+ * on one of our interfaces (wan, lan optX)
+ */
+ if ($_POST['mode'] === "carp") {
+ $can_post = true;
+ $found = false;
+ $subnet_ip = return_first_three_octets($_POST['subnet']);
+ $iflist = array("lan", "wan");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = 'opt' . $i;
+ foreach($iflist as $if) {
+ $ww_subnet_ip = return_first_three_octets($config['interfaces'][$if]['ipaddr']);
+ if($ww_subnet_ip == $subnet_ip) {
+ $found = true;
+ break;
+ }
+ }
+ if($found == false) {
+ $cannot_find = $_POST['subnet'];
+ $can_post = false;
+ }
+ if($can_post == false)
+ $input_error[] = "Sorry, we could not locate an interface with a matching subnet for {$cannot_find}.<p>Please add an ip in this subnet on a real interface.";
+ }
+
 if (!$input_errors) {
 $vipent = array(); |
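Review bot: `return_first_three_octets()` in the first hunk hard-codes a /24 assumption and never checks that `$ip` is a dotted quad, so the CARP check built on it compares string prefixes rather than subnets. On an interface with a shorter or longer prefix the comparison can accept a VIP outside the interface's network or refuse one inside it. A value with fewer than three dots yields undefined-index notices and a result such as `..`. At minimum add a guard like `if (ip2long($ip) === false) return false;` and a comment stating the /24 limitation; comparing both addresses masked with the interface's configured prefix length would be the proper fix.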
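Review bot: The second hunk appends its error to `$input_error[]`, but the context line right after the block tests `$input_errors`, so as written a CARP address with no matching interface still passes the `if (!$input_errors)` gate and the new check has no effect. The last added assignment should read `$input_errors[] = "Sorry, we could not locate ...";`. The message also interpolates `$_POST['subnet']` next to literal `<p>` markup; the renderer is outside this hunk, but if the error list is emitted as HTML the value should be escaped first, e.g. `$cannot_find = htmlspecialchars($_POST['subnet']);`. The enclosing `if ($_POST)` block starts and ends outside the hunk.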