From ca5445db5457ec754debdaa84c37beeeaa49aa17 Mon Sep 17 00:00:00 2001 From: Stephen Beaver Date: Wed, 26 Aug 2015 19:03:22 -0400 Subject: Deleted orig fileq --- src/usr/local/www/firewall_virtual_ip_edit.php | 561 ------------------------- 1 file changed, 561 deletions(-) delete mode 100644 src/usr/local/www/firewall_virtual_ip_edit.php diff --git a/src/usr/local/www/firewall_virtual_ip_edit.php b/src/usr/local/www/firewall_virtual_ip_edit.php deleted file mode 100644 index c92ace9..0000000 --- a/src/usr/local/www/firewall_virtual_ip_edit.php +++ /dev/null @@ -1,561 +0,0 @@ - - * Originally part of pfSense (https://www.pfsense.org) - * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgment: - * "This product includes software developed by the pfSense Project - * for use in the pfSense software distribution. (http://www.pfsense.org/). - * - * 4. The names "pfSense" and "pfSense Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * coreteam@pfsense.org. - * - * 5. Products derived from this software may not be called "pfSense" - * nor may "pfSense" appear in their names without prior written - * permission of the Electric Sheep Fencing, LLC. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * - * "This product includes software developed by the pfSense Project - * for use in the pfSense software distribution (http://www.pfsense.org/). - * - * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - * ==================================================================== - * - */ -/* - pfSense_BUILDER_BINARIES: /sbin/ifconfig - pfSense_MODULE: interfaces -*/ - -##|+PRIV -##|*IDENT=page-firewall-virtualipaddress-edit -##|*NAME=Firewall: Virtual IP Address: Edit page -##|*DESCR=Allow access to the 'Firewall: Virtual IP Address: Edit' page. -##|*MATCH=firewall_virtual_ip_edit.php* -##|-PRIV - -require("guiconfig.inc"); -require_once("filter.inc"); -require("shaper.inc"); - -if (!is_array($config['virtualip']['vip'])) { - $config['virtualip']['vip'] = array(); -} - -$a_vip = &$config['virtualip']['vip']; - -if (is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} - -function return_first_two_octets($ip) { - $ip_split = explode(".", $ip); - return $ip_split[0] . "." . $ip_split[1]; -} - -function find_last_used_vhid() { - global $config, $g; - - $vhid = 0; - foreach ($config['virtualip']['vip'] as $vip) { - if ($vip['vhid'] > $vhid) { - $vhid = $vip['vhid']; - } - } - - return $vhid; -} - -if (isset($id) && $a_vip[$id]) { - $pconfig['mode'] = $a_vip[$id]['mode']; - $pconfig['vhid'] = $a_vip[$id]['vhid']; - $pconfig['advskew'] = $a_vip[$id]['advskew']; - $pconfig['advbase'] = $a_vip[$id]['advbase']; - $pconfig['password'] = $a_vip[$id]['password']; - $pconfig['range'] = $a_vip[$id]['range']; - $pconfig['subnet'] = $a_vip[$id]['subnet']; - $pconfig['subnet_bits'] = $a_vip[$id]['subnet_bits']; - $pconfig['noexpand'] = $a_vip[$id]['noexpand']; - $pconfig['descr'] = $a_vip[$id]['descr']; - $pconfig['type'] = $a_vip[$id]['type']; - $pconfig['interface'] = $a_vip[$id]['interface']; - $pconfig['uniqid'] = $a_vip[$id]['interface']; -} else { - $lastvhid = find_last_used_vhid(); - $lastvhid++; - $pconfig['vhid'] = $lastvhid; - $pconfig['uniqid'] = uniqid(); -} - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "mode"); - $reqdfieldsn = array(gettext("Type")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - if ($_POST['subnet']) { - $_POST['subnet'] = trim($_POST['subnet']); - } - - if ($_POST['subnet']) { - if (!is_ipaddr($_POST['subnet'])) { - $input_errors[] = gettext("A valid IP address must be specified."); - } else { - if (isset($id) && isset($a_vip[$id])) { - $ignore_if = $a_vip[$id]['interface']; - $ignore_mode = $a_vip[$id]['mode']; - if (isset($a_vip[$id]['vhid'])) { - $ignore_vhid = $a_vip[$id]['vhid']; - } - } else { - $ignore_if = $_POST['interface']; - $ignore_mode = $_POST['mode']; - } - - if (!isset($ignore_vhid)) { - $ignore_vhid = $_POST['vhid']; - } - - if ($ignore_mode == 'carp') { - $ignore_if .= "_vip{$ignore_vhid}"; - } else { - $ignore_if .= "_virtualip{$id}"; - } - - if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) { - $input_errors[] = gettext("This IP address is being used by another interface or VIP."); - } - - unset($ignore_if, $ignore_mode); - } - } - - $natiflist = get_configured_interface_with_descr(); - foreach ($natiflist as $natif => $natdescr) { - if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) { - $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP."); - } - } - - /* ipalias and carp should not use network or broadcast address */ - if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") { - if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") { - $network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']); - $broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']); - } else if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128") { - $network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']); - $broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']); - } - - if (isset($network_addr) && $_POST['subnet'] == $network_addr) { - $input_errors[] = gettext("You cannot use the network address for this VIP"); - } else if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) { - $input_errors[] = gettext("You cannot use the broadcast address for this VIP"); - } - } - - /* make sure new ip is within the subnet of a valid ip - * on one of our interfaces (wan, lan optX) - */ - switch ($_POST['mode']) { - case 'carp': - /* verify against reusage of vhids */ - $idtracker = 0; - foreach($config['virtualip']['vip'] as $vip) { - if($vip['vhid'] == $_POST['vhid'] && $vip['interface'] == $_POST['interface'] && $idtracker != $id) - $input_errors[] = sprintf(gettext("VHID %s is already in use on interface %s. Pick a unique number on this interface."),$_POST['vhid'], convert_friendly_interface_to_friendly_descr($_POST['interface'])); - $idtracker++; - } - - if (empty($_POST['password'])) - $input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members."); - - if ($_POST['interface'] == 'lo0') - $input_errors[] = gettext("For this type of vip localhost is not allowed."); - else if (strpos($_POST['interface'], '_vip')) - $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs."); - - break; - case 'ipalias': - if (strstr($_POST['interface'], "_vip")) { - if (is_ipaddrv4($_POST['subnet'])) { - $parent_ip = get_interface_ip($_POST['interface']); - $parent_sn = get_interface_subnet($_POST['interface']); - $subnet = gen_subnet($parent_ip, $parent_sn); - } else if (is_ipaddrv6($_POST['subnet'])) { - $parent_ip = get_interface_ipv6($_POST['interface']); - $parent_sn = get_interface_subnetv6($_POST['interface']); - $subnet = gen_subnetv6($parent_ip, $parent_sn); - } - - if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && - !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) { - $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; - $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); - } - - unset($parent_ip, $parent_sn, $subnet); - } - - break; - default: - if ($_POST['interface'] == 'lo0') - $input_errors[] = gettext("For this type of vip localhost is not allowed."); - else if (strpos($_POST['interface'], '_vip')) - $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs."); - - break; - } - - if (!$input_errors) { - $vipent = array(); - - $vipent['mode'] = $_POST['mode']; - $vipent['interface'] = $_POST['interface']; - - /* ProxyARP specific fields */ - if ($_POST['mode'] === "proxyarp") { - if ($_POST['type'] == "range") { - $vipent['range']['from'] = $_POST['range_from']; - $vipent['range']['to'] = $_POST['range_to']; - - } - - $vipent['noexpand'] = isset($_POST['noexpand']); - } - - /* CARP specific fields */ - if ($_POST['mode'] === "carp") { - $vipent['vhid'] = $_POST['vhid']; - $vipent['uniqid'] = $_POST['uniqid']; - $vipent['advskew'] = $_POST['advskew']; - $vipent['advbase'] = $_POST['advbase']; - $vipent['password'] = $_POST['password']; - } - - /* Common fields */ - $vipent['descr'] = $_POST['descr']; - if (isset($_POST['type'])) { - $vipent['type'] = $_POST['type']; - } else { - $vipent['type'] = "single"; - } - - if ($vipent['type'] == "single" || $vipent['type'] == "network") { - if (!isset($_POST['subnet_bits'])) { - $vipent['subnet_bits'] = "32"; - } else { - $vipent['subnet_bits'] = $_POST['subnet_bits']; - } - - $vipent['subnet'] = $_POST['subnet']; - } - - if (!isset($id)) { - $id = count($a_vip); - } - if (file_exists("{$g['tmp_path']}/.firewall_virtual_ip.apply")) { - $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply")); - } else { - $toapplylist = array(); - } - - $toapplylist[$id] = $a_vip[$id]; - - if (!empty($a_vip[$id])) { - /* modify all virtual IP rules with this address */ - for ($i = 0; isset($config['nat']['rule'][$i]); $i++) { - if ($config['nat']['rule'][$i]['destination']['address'] == $a_vip[$id]['subnet']) { - $config['nat']['rule'][$i]['destination']['address'] = $vipent['subnet']; - } - } - } - - $a_vip[$id] = $vipent; - - if (write_config()) { - mark_subsystem_dirty('vip'); - file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist)); - } - - header("Location: firewall_virtual_ip.php"); - exit; - } -} - -$ipaliashelp = gettext('The mask must be the network\'s subnet mask. It does not specify a CIDR range.'); -$proxyarphelp = gettext('Enter a CIDR block of proxy ARP addresses.'); - -$pgtitle = array(gettext("Firewall"),gettext("Virtual IP Address"),gettext("Edit")); -include("head.inc"); - -function build_if_list() { - $list = array(); - - $interfaces = get_configured_interface_with_descr(false, true); - $carplist = get_configured_carp_interface_list(); - - foreach ($carplist as $cif => $carpip) - $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; - - $interfaces['lo0'] = 'Localhost'; - - return($interfaces); -} - -if ($input_errors) - print_input_errors($input_errors); - -require('classes/Form.class.php'); - -$form = new Form(); - -$section = new Form_Section('Edit Virtual IP'); - -$group = new Form_Group('Type'); - -$group->add(new Form_Checkbox( - 'mode', - null, - 'IP Alias', - ($pconfig['mode'] == "ipalias"), - 'ipalias' -))->displayAsRadio(); - -$group->add(new Form_Checkbox( - 'mode', - null, - 'CARP', - ($pconfig['mode'] == "carp"), - 'carp' -))->displayAsRadio(); - -$group->add(new Form_Checkbox( - 'mode', - null, - 'Proxy ARP', - ($pconfig['mode'] == "proxyarp"), - 'proxyarp' -))->displayAsRadio(); - -$group->add(new Form_Checkbox( - 'mode', - null, - 'Other', - ($pconfig['mode'] == "other"), - 'other' -))->displayAsRadio(); - -$section->add($group); - -$section->addInput(new Form_Select( - 'interface', - 'Interface', - $pconfig['interface'], - build_if_list() -)); - -$section->addInput(new Form_Select( - 'type', - 'Address type', - ((!$pconfig['range'] && $pconfig['subnet_bits'] == 32) || (!isset($pconfig['subnet']))) ? 'single':'network', - array( - 'single' => 'Single address', - 'network' => 'Network' - ) -))->addClass('typesel'); - -$section->addInput(new Form_IpAddress( - 'subnet', - 'Address(es)', - $pconfig['subnet'] -))->addMask('subnet_bits', $pconfig['subnet_bits'])->setHelp(''); - -$section->addInput(new Form_Checkbox( - 'noexpand', - 'Expansion', - 'Disable expansion of this entry into IPs on NAT lists (e.g. 192.168.1.0/24 expands to 256 entries.) ', - isset($pconfig['noexpand']) -)); - -$section->addInput(new Form_Input( - 'password', - 'Virtual IP Password', - 'password', - $pconfig['password'] -))->setHelp('Enter the VHID group password.'); - -$section->addInput(new Form_Select( - 'vhid', - 'VHID Group', - $pconfig['vhid'], - array_combine(range(1, 255, 1), range(1, 255, 1)) -))->setHelp('Enter the VHID group that the machines will share'); - -$group = new Form_Group('Advertising frequency'); -$group->add(new Form_Select( - 'advbase', - 'Base', - $pconfig['advbase'], - array_combine(range(1, 254, 1), range(1, 254, 1)) -))->setHelp('Base'); - -$group->add(new Form_Select( - 'advskew', - 'Skew', - $pconfig['advskew'], - array_combine(range(0, 254, 1), range(0, 254, 1)) -))->setHelp('Skew'); - -$group->setHelp('The frequency that this machine will advertise. 0 means usually master. Otherwise the lowest combination of both values in the cluster determines the master.'); - -$section->add($group); - -$section->addInput(new Form_Input( - 'descr', - 'Description', - 'text', - $pconfig['descr'] -))->setHelp('You may enter a description here for your reference (not parsed).'); - -if (isset($id) && $a_vip[$id]){ - $section->addInput(new Form_Input( - 'id', - null, - 'hidden', - $id - )); -} - -$section->addInput(new Form_Input( - 'uniqid', - null, - 'hidden', - $pconfig['uniqid'] -)); - -$form->add($section); - -print($form); - -print_info_box(gettext("Proxy ARP and Other type Virtual IPs cannot be bound to by anything running on the firewall, such as IPsec, OpenVPN, etc. Use a CARP or IP Alias type address for these types.") . '
' . - sprintf(gettext("For more information on CARP and the above values, visit the OpenBSD %s"), 'CARP FAQ"')); -?> - - - -