diff options
author | Ermal <eri@pfsense.org> | 2010-12-17 21:19:07 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-12-17 21:19:07 +0000 |
commit | a5a6ab28925f1e6a0fa07e2087c7c820fa3add84 (patch) | |
tree | 1dbb49db583ce0b56fa4454819eb39cd06e409bb /usr | |
parent | dc2bb9e542648617cc4f7e60ad6a1056f60cac27 (diff) | |
download | pfsense-a5a6ab28925f1e6a0fa07e2087c7c820fa3add84.zip pfsense-a5a6ab28925f1e6a0fa07e2087c7c820fa3add84.tar.gz |
Add safety belts since only aliases on same subnet can be added to an carp(4)
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_virtual_ip_edit.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 1b6ec09..78a9174 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -134,7 +134,9 @@ if ($_POST) { /* make sure new ip is within the subnet of a valid ip * on one of our interfaces (wan, lan optX) */ - if ($_POST['mode'] == "carp" or $_POST['mode'] == "carpdev-dhcp") { + switch ($_POST['mode']) { + case "carp": + case "carpdev-dhcp": /* verify against reusage of vhids */ $idtracker = 0; foreach($config['virtualip']['vip'] as $vip) { @@ -151,8 +153,20 @@ if ($_POST) { $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); } + break; + case "ipalias": + if (substr($_POST['interface'], 0, 3) == "vip") { + $parent_ip = get_interface_ip($_POST['interface']); + $parent_sn = get_interface_subnet($_POST['interface']); + if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) { + $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; + $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); + } + } + break; } + if (isset($id) && ($a_vip[$id])) { if ($a_vip[$id]['mode'] != $_POST['mode']) { $bringdown = false; |