From 270a257646cc0038756801b1f06f09a6b40b6e91 Mon Sep 17 00:00:00 2001 From: Seth Mos Date: Wed, 24 Aug 2011 13:02:34 +0200 Subject: Add address family validation, also hide gateways or gateway groups from the gateway list. Fix Ticket #1659 --- usr/local/www/firewall_rules_edit.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'usr/local') diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 8857d8d..f9e2309 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -352,6 +352,10 @@ if ($_POST) { $input_errors[] = gettext("A valid destination bit count must be specified."); } } + if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst'])) { + if(!validate_address_family($_POST['src'], $_POST['dst'])) + $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']); + } if ($_POST['srcbeginport'] > $_POST['srcendport']) { /* swap */ @@ -1266,6 +1270,10 @@ $i--): ?> $gateways = return_gateways_array(); // add statically configured gateways to list foreach($gateways as $gwname => $gw) { + if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6($gw['gateway'])) + continue; + if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4($gw['gateway'])) + continue; if($gw == "") continue; if($gwname == $pconfig['gateway']) { @@ -1278,13 +1286,18 @@ $i--): ?> /* add gateway groups to the list */ if (is_array($config['gateways']['gateway_group'])) { foreach($config['gateways']['gateway_group'] as $gw_group) { + if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6($gw_group[0]['gwip'])) + continue; + if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4($gw_group[0]['gwip'])) + continue; if($gw_group['name'] == "") continue; if($pconfig['gateway'] == $gw_group['name']) { - echo "\n"; + $selected = " SELECTED"; } else { - echo "\n"; + $selected = ""; } + echo "\n"; } } ?> -- cgit v1.1