diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-07-06 14:54:30 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-07-06 14:55:14 -0300 |
commit | ee3bc70325ed88d259663af1ab3503e027f2c4de (patch) | |
tree | 9557948ced0df013a7c09dbfa251a5f026ca18ed /usr | |
parent | ae7372475b760d4cc940caee9b9c4e1d3cb7c07b (diff) | |
download | pfsense-ee3bc70325ed88d259663af1ab3503e027f2c4de.zip pfsense-ee3bc70325ed88d259663af1ab3503e027f2c4de.tar.gz |
Fix #2962, allow to remove VIP if gateway IP is on the interface's subnet
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_virtual_ip.php | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 2a17a9e..3a3cb3d 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -107,14 +107,21 @@ if ($_GET['act'] == "del") { } } - if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) + if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) { + $is_ipv6 = true; $subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']); - else + $if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']); + $if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits); + } else { + $is_ipv6 = false; $subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']); + $if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']); + $if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits); + } $subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits']; + $if_subnet .= "/" . $if_subnet_bits; - $is_ipv6 = is_ipaddrv6($a_vip[$_GET['id']]['subnet']); if (is_array($config['gateways']['gateway_item'])) foreach($config['gateways']['gateway_item'] as $gateway) { if ($a_vip[$_GET['id']]['interface'] != $gateway['interface']) @@ -123,6 +130,8 @@ if ($_GET['act'] == "del") { continue; if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') continue; + if (ip_in_subnet($gateway['gateway'], $if_subnet)) + continue; if (ip_in_subnet($gateway['gateway'], $subnet)) { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway."); |