author | Renato Botelho <garga@FreeBSD.org> | 2013-02-11 18:33:26 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-02-11 18:35:50 -0200 |
commit | e6c60013283ea203853e0bc34158e185016f4df6 (patch) | |
tree | 0f9e643beb4cdd347379a63d708fdd27a2e9a434 /usr | |
parent | 699125b18256a9270c28be75f8579b456f39035e (diff) | |
Check interfaces and VIP IP address overlap
- Check if interface IP overlaps other interfaces or localip from mpd
based services
- Check if VIPs IP overlaps interfaces or other VIPs address
It fixes #1723
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_virtual_ip_edit.php | 20 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 8 |
2 files changed, 12 insertions, 16 deletions
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index 8682d5e..4e257ac 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -110,15 +110,17 @@ if ($_POST) {
 if ($_POST['subnet'])
 $_POST['subnet'] = trim($_POST['subnet']);
- if (($_POST['subnet'] && !is_ipaddr($_POST['subnet'])))
- $input_errors[] = gettext("A valid IP address must be specified.");
+ if ($_POST['subnet']) {
+ if (!is_ipaddr($_POST['subnet']))
+ $input_errors[] = gettext("A valid IP address must be specified.");
+ else if (is_ipaddr_configured($_POST['subnet'], "vip_" . $id, true))
+ $input_errors[] = gettext("This IPv4 address is being used by another interface or VIP.");
+ }
 $natiflist = get_configured_interface_with_descr();
 foreach ($natiflist as $natif => $natdescr) {
 if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6'])))
 $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
- if ($_POST['subnet'] == get_interface_ip($natif))
- $input_errors[] = sprintf(gettext("The %s IP address may not be used in a virtual entry."),$natdescr);
 }
 if(is_ipaddrv4($_POST['subnet'])) {
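Review bot: In the added `else if`, the exclusion key `"vip_" . $id` is built without the `isset($id)` guard that the overlap loop removed further down this file relied on, so for a newly added VIP the key is presumably just `"vip_"`. How `is_ipaddr_configured()` treats that value is not visible on this page; if it accepts an empty exclusion, `isset($id) ? "vip_{$id}" : ""` would make the intent explicit. The branch also appears reachable for IPv6 input, since the preceding test is `is_ipaddr()` and this page handles /127 and /128 masks, yet the message reads "This IPv4 address"; `"This IP address is being used by another interface or VIP."` would match both families. The removed `get_interface_ip($natif)` comparison checked the address an interface currently holds, so it is worth confirming the helper also covers dynamically assigned interface addresses. The surrounding `if ($_POST)` validation block starts and ends outside the hunk.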
@@ -129,16 +131,6 @@ if ($_POST) {
 if(($_POST['subnet_bits'] == "127" or $_POST['subnet_bits'] == "128") and $_POST['mode'] == "carp")
 $input_errors[] = gettext("The /127 and /128 subnet mask are invalid for CARP IPs.");
 }
- /* check for overlaps with other virtual IP */
- foreach ($a_vip as $vipent) {
- if (isset($id) && ($a_vip[$id]) && ($a_vip[$id] === $vipent))
- continue;
-
- if (isset($_POST['subnet']) && $_POST['subnet'] == $vipent['subnet']) {
- $input_errors[] = gettext("There is already a virtual IP entry for the specified IP address.");
- break;
- }
- }
 /* make sure new ip is within the subnet of a valid ip
 * on one of our interfaces (wan, lan optX)
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 73b6620..fcd7b51 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -544,8 +544,12 @@ if ($_POST['apply']) {
 /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */
 $_POST['spoofmac'] = strtolower(str_replace("-", ":", $_POST['spoofmac']));
- if (($_POST['ipaddr'] && !is_ipaddrv4($_POST['ipaddr'])))
- $input_errors[] = gettext("A valid IPv4 address must be specified.");
+ if ($_POST['ipaddr']) {
+ if (!is_ipaddrv4($_POST['ipaddr']))
+ $input_errors[] = gettext("A valid IPv4 address must be specified.");
+ else if (is_ipaddr_configured($_POST['ipaddr'], $if, true, true))
+ $input_errors[] = gettext("This IPv4 address is being used by another interface or VIP.");
+ }
 if (($_POST['ipaddrv6'] && !is_ipaddrv6($_POST['ipaddrv6'])))
 $input_errors[] = gettext("A valid IPv6 address must be specified.");
 if (($_POST['subnet'] && !is_numeric($_POST['subnet']))) |
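Review bot: Only the IPv4 field in interfaces.php gets the new overlap check; the `ipaddrv6` test on the context line directly below is still syntax-only, so an IPv6 address already held by another interface or VIP would pass this validation unless it is caught elsewhere. If `is_ipaddr_configured()` handles IPv6 (not visible on this page), the same shape would apply there: `else if (is_ipaddr_configured($_POST['ipaddrv6'], $if, true, true))`. The two positional `true` arguments are opaque at the call site; a short comment such as `/* also check VIPs and mpd-based service local IPs */` would help, assuming that is what they select as the commit message suggests. The surrounding validation code continues outside the hunk.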