From e19b7d1ea849f40f1de194cadeefb3c289812442 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 26 Aug 2010 16:37:38 +0000 Subject: Allow carp interfaces to sit on top of aliases. Also add safety belts to ipalias deletion for this to avoid breakage. Trigered-by: http://forum.pfsense.org/index.php/topic,27834.0.html --- usr/local/www/firewall_virtual_ip.php | 9 +++++++++ usr/local/www/firewall_virtual_ip_edit.php | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'usr/local') diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 1ccfc2a..ec15fdf 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -108,6 +108,15 @@ if ($_GET['act'] == "del") { } } + if ($a_vip[$_GET['id']]['mode'] == "proxyarp") { + $vipiface = $a_vip[$_GET['id']]['interface']; + foreach ($a_vip as $vip) { + if ($vip['interface'] == $vipiface && $vip['mode'] == "carp") + if (ip_in_subnet($vip['subnet'], gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']) . "/" . $a_vip[$_GET['id']]['subnet_bits'])) + $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by CARP") . " {$vip['descr']}."; + } + } + if (!$input_errors) { // Special case since every proxyarp vip is handled by the same daemon. if ($a_vip[$_GET['id']]['mode'] == "proxyarp") { diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index ffddef7..bdad11a 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -143,7 +143,7 @@ if ($_POST) { $parent_ip = get_interface_ip($_POST['interface']); $parent_sn = get_interface_subnet($_POST['interface']); - if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn)) { + if (!ip_in_subnet($_POST['subnet'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) { $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ; $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."),$cannot_find); } else if ($parent_sn != $_POST['subnet_bits']) -- cgit v1.1