/**
 * Build the option array of addresses that may be chosen as a translation
 * target: interface addresses, virtual IPs and host aliases.
 *
 * Keys are the address, "subnet/bits" pair or alias name; values are the
 * display labels.
 *
 * NOTE(review): only the VIP labels go through htmlspecialchars(); interface
 * descriptions and alias names are returned as stored. Whether the caller
 * escapes again is not visible here, so either the VIP labels are at risk of
 * double encoding or the other labels reach the page unescaped. Confirm and
 * escape in exactly one place.
 *
 * @return array map of option value => label
 */
function formTranslateAddresses()
{
    global $config;

    $options = array();

    // Addresses assigned to this host's interfaces ('dhcp' is not a literal address).
    foreach ($config['interfaces'] as $ifName => $ifCfg) {
        if (!isset($ifCfg['ipaddr']) || $ifCfg['ipaddr'] == 'dhcp') {
            continue;
        }
        $label = empty($ifCfg['descr']) ? $ifName : $ifCfg['descr'];
        $options[$ifCfg['ipaddr']] = $label . " " . gettext("address");
    }

    // Virtual IPs, unless the entry is flagged 'noexpand'.
    if (isset($config['virtualip']['vip'])) {
        foreach ($config['virtualip']['vip'] as $vip) {
            if (isset($vip['noexpand'])) {
                continue;
            }

            $isProxyArpNetwork = $vip['mode'] == "proxyarp" && $vip['type'] == "network";
            if (!$isProxyArpNetwork) {
                $options[$vip['subnet']] = htmlspecialchars("{$vip['subnet']} ({$vip['descr']})");
                continue;
            }

            // A proxy ARP network contributes the subnet itself plus one entry
            // per address between gen_subnet() and gen_subnet_max() inclusive,
            // so the list grows with the size of the configured network.
            $first = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
            $last = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
            $span = $last - $first;

            $cidr = $vip['subnet'] . '/' . $vip['subnet_bits'];
            $options[$cidr] = htmlspecialchars("Subnet: {$vip['subnet']}/{$vip['subnet_bits']} ({$vip['descr']})");

            for ($offset = 0; $offset <= $span; $offset++) {
                $address = long2ip32($first + $offset);
                $options[$address] = htmlspecialchars("{$address} ({$vip['descr']})");
            }
        }
    }

    // Host-type aliases are offered under their own name.
    foreach (legacy_list_aliases("network") as $alias) {
        if ($alias['type'] != "host") {
            continue;
        }
        $options[$alias['name']] = $alias['name'];
    }

    return $options;
}
$input_errors[] = gettext("A valid IPv4 address must be specified."); } else { $where_ipaddr_configured = where_is_ipaddr_configured($_POST['ipaddr'], $if, true, true, $_POST['subnet']); if (count($where_ipaddr_configured)) { $subnet_conflict_text = sprintf(gettext("IPv4 address %s is being used by or overlaps with:"), $_POST['ipaddr'] . "/" . $_POST['subnet']); foreach ($where_ipaddr_configured as $subnet_conflict) { $subnet_conflict_text .= " " . convert_friendly_interface_to_friendly_descr($subnet_conflict['if']) . " (" . $subnet_conflict['ip_or_subnet'] . ")"; } $input_errors[] = $subnet_conflict_text; } /* Do not accept network or broadcast address, except if subnet is 31 or 32 */ if ($_POST['subnet'] < 31) { if ($_POST['ipaddr'] == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) { $input_errors[] = gettext("This IPv4 address is the network address and cannot be used"); } else { if ($_POST['ipaddr'] == gen_subnet_max($_POST['ipaddr'], $_POST['subnet'])) { $input_errors[] = gettext("This IPv4 address is the broadcast address and cannot be used"); } } } foreach ($staticroutes as $route_subnet) { list($network, $subnet) = explode("/", $route_subnet); if ($_POST['subnet'] == $subnet && $network == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) { $input_errors[] = gettext("This IPv4 address conflicts with a Static Route."); break; } unset($network, $subnet); } } } if ($_POST['ipaddrv6']) {
if ($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1']) || $_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2'])) { $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers."); } if ($_POST['domain'] && !is_domain($_POST['domain'])) { $input_errors[] = gettext("A valid domain name must be specified for the DNS domain."); } if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) { $input_errors[] = gettext("A valid IP address or hostname must be specified for the TFTP server."); } if ($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver'])) { $input_errors[] = gettext("A valid IP address must be specified for the network boot server."); } if (gen_subnet($ifcfgip, $ifcfgsn) == $_POST['range_from']) { $input_errors[] = gettext("You cannot use the network address in the starting subnet range."); } if (gen_subnet_max($ifcfgip, $ifcfgsn) == $_POST['range_to']) { $input_errors[] = gettext("You cannot use the broadcast address in the ending subnet range."); } // Disallow a range that includes the virtualip if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vip) { if ($vip['interface'] == $if) { if ($vip['subnet'] && is_inrange_v4($vip['subnet'], $_POST['range_from'], $_POST['range_to'])) { $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IP address %s."), $vip['subnet']); } } } } $noip = false; if (is_array($a_maps)) { foreach ($a_maps as $map) {
$input_errors[] = gettext("This IP address is being used by another interface or VIP."); } unset($ignore_if, $ignore_mode); } } $natiflist = get_configured_interface_with_descr(); foreach ($natiflist as $natif => $natdescr) { if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) { $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP."); } } /* ipalias and carp should not use network or broadcast address */ if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") { if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") { $network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']); $broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']); } else { if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128") { $network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']); $broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']); } } if (isset($network_addr) && $_POST['subnet'] == $network_addr) { $input_errors[] = gettext("You cannot use the network address for this VIP"); } else { if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) { $input_errors[] = gettext("You cannot use the broadcast address for this VIP"); } } } /* make sure new ip is within the subnet of a valid ip
} } if (is_array($config['virtualip']) && isset($pkga['showvirtualips'])) { foreach ($config['virtualip']['vip'] as $vip) { if (!preg_match("/{$interface_regex}/", $vip['interface'])) { $vip_description = $vip['descr'] != "" ? " ({$vip['descr']}) " : " "; } switch ($vip['mode']) { case "ipalias": case "carp": $ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}"); break; case "proxyarp": if ($vip['type'] == "network") { $start = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits'])); $end = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits'])); $len = $end - $start; for ($i = 0; $i <= $len; $i++) { $ips[] = array('ip' => long2ip32($start + $i), 'description' => long2ip32($start + $i) . " from {$vip['subnet']}/{$vip['subnet_bits']} {$vip_description}"); } } else { $ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}"); } break; } } } sort($ips); if (isset($pkga['showlistenall'])) { array_unshift($ips, array('ip' => gettext('All'), 'description' => gettext('Listen on All interfaces/ip addresses '))); }
/**
 * Build the list of selectable translation targets for the form.
 *
 * The list always starts with the empty key ("Interface Address") and ends
 * with 'other-subnet'; in between come the virtual IPs (entries flagged
 * 'noexpand' are skipped) and the host aliases taken from $a_aliases.
 *
 * Labels contain the stored descriptions unescaped, so they must be
 * HTML-escaped where they are rendered (NOTE(review): confirm the caller
 * does this).
 *
 * @return array map of option value => label
 */
function build_target_list() {
    // $sn is declared global and used as the loop variable below, so the
    // caller's $sn is overwritten by the last VIP visited.
    global $config, $sn, $a_aliases;

    $targets = array("" => gettext('Interface Address'));

    $vips = $config['virtualip']['vip'];
    if (is_array($vips)) {
        foreach ($vips as $sn) {
            if (isset($sn['noexpand'])) {
                continue;
            }

            if (!($sn['mode'] == "proxyarp" && $sn['type'] == "network")) {
                $targets[$sn['subnet']] = "{$sn['subnet']} ({$sn['descr']})";
                continue;
            }

            // Proxy ARP network: one entry for the subnet, then one per
            // address in the range gen_subnet() .. gen_subnet_max().
            $first = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
            $last = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
            $span = $last - $first;

            $cidr = $sn['subnet'] . '/' . $sn['subnet_bits'];
            $targets[$cidr] = "Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})";

            for ($offset = 0; $offset <= $span; $offset++) {
                $address = long2ip32($first + $offset);
                $targets[$address] = "{$address} ({$sn['descr']})";
            }
        }
    }

    // Only host-type aliases can be used as a target.
    foreach ($a_aliases as $alias) {
        if ($alias['type'] == "host") {
            $targets[$alias['name']] = gettext('Host Alias: ') . "{$alias['name']} ({$alias['descr']})";
        }
    }

    $targets['other-subnet'] = gettext('Other Subnet (Enter Below)');

    return $targets;
}
$if = $_POST['interface'];
}

/* input validation */
// $mac must pass is_macaddr() before it is used in the command line below.
if (!$mac || !is_macaddr($mac)) {
    $input_errors[] = gettext("A valid MAC address must be specified.");
}
// Only non-emptiness of the interface name is checked here; an unusable name
// is caught further down when no valid address can be resolved for it.
if (!$if) {
    $input_errors[] = gettext("A valid interface must be specified.");
}

if (!$input_errors) {
    /* determine broadcast address */
    $ipaddr = get_interface_ip($if);
    if (!is_ipaddr($ipaddr)) {
        $input_errors[] = gettext("A valid ip could not be found!");
    } else {
        $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if));
        /* Execute wol command and check return code. */
        // $mac is quoted with escapeshellarg() in addition to the is_macaddr()
        // check above. $bcip is interpolated unquoted; it is computed from an
        // address that passed is_ipaddr().
        // NOTE(review): confirm gen_subnet_max() can only return an address
        // string, or quote $bcip with escapeshellarg() as well.
        // A falsy mwexec() result is treated as success.
        if (!mwexec("/usr/local/bin/wol -i {$bcip} " . escapeshellarg($mac))) {
            $savemsg .= sprintf(gettext("Sent magic packet to %s."), $mac);
        } else {
            // This message carries HTML markup (the log link), so $savemsg is
            // presumably rendered as HTML; $mac is the validated value.
            $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'), '<a href="/diag_logs.php">', '</a>', $mac, ".<br />");
        }
    }
}
}

// Delete a saved entry. This changes and writes the configuration in response
// to GET parameters.
// NOTE(review): confirm the page's CSRF protection covers GET-triggered state
// changes, or move this action to POST.
if ($_GET['act'] == "del") {
    if ($a_wol[$_GET['id']]) {
        unset($a_wol[$_GET['id']]);
        write_config();
        header("Location: services_wol.php");
        exit;
break; } /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */ $staticroutes = get_staticroutes(true); if (!empty($pconfig['ipaddr'])) { if (!is_ipaddrv4($pconfig['ipaddr'])) { $input_errors[] = gettext("A valid IPv4 address must be specified."); } else { if (is_ipaddr_configured($pconfig['ipaddr'], $if, true)) { $input_errors[] = gettext("This IPv4 address is being used by another interface or VIP."); } /* Do not accept network or broadcast address, except if subnet is 31 or 32 */ if ($pconfig['subnet'] < 31) { if ($pconfig['ipaddr'] == gen_subnet($pconfig['ipaddr'], $pconfig['subnet'])) { $input_errors[] = gettext("This IPv4 address is the network address and cannot be used"); } elseif ($pconfig['ipaddr'] == gen_subnet_max($pconfig['ipaddr'], $pconfig['subnet'])) { $input_errors[] = gettext("This IPv4 address is the broadcast address and cannot be used"); } } foreach ($staticroutes as $route_subnet) { list($network, $subnet) = explode("/", $route_subnet); if ($pconfig['subnet'] == $subnet && $network == gen_subnet($pconfig['ipaddr'], $pconfig['subnet'])) { $input_errors[] = gettext("This IPv4 address conflicts with a Static Route."); break; } unset($network, $subnet); } } } if (!empty($pconfig['ipaddrv6'])) { if (!is_ipaddrv6($pconfig['ipaddrv6'])) {
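/**
 * Build the option list of addresses that can be used as the RADIUS NAS IP.
 *
 * Interface entries are keyed by the interface description and labelled
 * "<description> - <address>"; virtual IP entries are keyed by the address
 * and labelled "<VIP description> - <address>".
 *
 * Labels contain stored descriptions unescaped; they must be HTML-escaped
 * where they are rendered (NOTE(review): confirm the caller does this).
 *
 * @return array map of option value => label
 */
function build_radiusnas_list() {
    // Without this declaration $config is an undefined local variable and the
    // virtual IP section below never runs.
    global $config;

    $list = array();

    // Configured interfaces that currently resolve to a valid IP address.
    $iflist = get_configured_interface_with_descr();
    foreach ($iflist as $ifdesc => $ifdescr) {
        $ipaddr = get_interface_ip($ifdesc);
        if (is_ipaddr($ipaddr)) {
            $list[$ifdescr] = $ifdescr . ' - ' . $ipaddr;
        }
    }

    // NOTE(review): entries flagged 'noexpand' are not skipped here; confirm
    // that this is intended for this list.
    if (isset($config['virtualip']['vip']) && is_array($config['virtualip']['vip'])) {
        foreach ($config['virtualip']['vip'] as $sn) {
            if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
                // One entry per address between gen_subnet() and
                // gen_subnet_max() inclusive, so the list grows with the size
                // of the configured network.
                $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
                $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
                $len = $end - $start;

                for ($i = 0; $i <= $len; $i++) {
                    $snip = long2ip32($start + $i);
                    $list[$snip] = $sn['descr'] . ' - ' . $snip;
                }
            } else {
                $list[$sn['subnet']] = $sn['descr'] . ' - ' . $sn['subnet'];
            }
        }
    }

    return $list;
}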
/**
 * Build the list of destination types offered by the rule form.
 *
 * Starts with the fixed choices, adds PPPoE/L2TP clients and each interface
 * (network and "address" variants) for which have_ruleint_access() grants
 * access, then appends the configured virtual IPs.
 *
 * Labels contain stored descriptions unescaped; they must be HTML-escaped
 * where they are rendered (NOTE(review): confirm the caller does this).
 *
 * @return array map of option value => label
 */
function build_dsttype_list() {
    global $pconfig, $config, $ifdisp;

    // The result is not used in this function; the call is kept as in the
    // original in case is_specialnet() has side effects.
    $sel = is_specialnet($pconfig['dst']);

    $choices = array(
        'any' => 'Any',
        'single' => 'Single host or alias',
        'network' => 'Network',
        '(self)' => 'This Firewall (self)',
    );

    // Client pools are listed only when the user may use them in rules.
    $clientPools = array('pppoe' => 'PPPoE clients', 'l2tp' => 'L2TP clients');
    foreach ($clientPools as $poolKey => $poolLabel) {
        if (have_ruleint_access($poolKey)) {
            $choices[$poolKey] = $poolLabel;
        }
    }

    // Each permitted interface is offered as a network and as its own address.
    foreach ($ifdisp as $ifKey => $ifLabel) {
        if (!have_ruleint_access($ifKey)) {
            continue;
        }
        $choices[$ifKey] = $ifLabel;
        $choices[$ifKey . 'ip'] = $ifLabel . ' address';
    }

    $vips = $config['virtualip']['vip'];
    if (is_array($vips)) {
        foreach ($vips as $vip) {
            if ($vip['mode'] == "proxyarp" && $vip['type'] == "network") {
                // 'noexpand' is honoured only for proxy ARP networks; such an
                // entry is left out of the list entirely.
                if (isset($vip['noexpand'])) {
                    continue;
                }

                // One entry per address between gen_subnet() and
                // gen_subnet_max() inclusive.
                $first = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
                $last = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
                $span = $last - $first;

                for ($offset = 0; $offset <= $span; $offset++) {
                    $address = long2ip32($first + $offset);
                    $choices[$address] = "{$address} ({$vip['descr']})";
                }
            }

            // Every VIP that reaches this point is listed under its configured address.
            $choices[$vip['subnet']] = "{$vip['subnet']} ({$vip['descr']})";
        }
    }

    return $choices;
}
if (is_ipaddr_configured($pconfig['subnet'], $ignore_if)) { $input_errors[] = gettext("This IP address is being used by another interface or VIP."); } } } $natiflist = get_configured_interface_with_descr(); foreach ($natiflist as $natif => $natdescr) { if ($pconfig['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) { $input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP."); } } /* ipalias and carp should not use network or broadcast address */ if ($pconfig['mode'] == "ipalias" || $pconfig['mode'] == "carp") { if (is_ipaddrv4($pconfig['subnet']) && $pconfig['subnet_bits'] != "32") { $network_addr = gen_subnet($pconfig['subnet'], $pconfig['subnet_bits']); $broadcast_addr = gen_subnet_max($pconfig['subnet'], $pconfig['subnet_bits']); } else { if (is_ipaddrv6($pconfig['subnet']) && $_POST['subnet_bits'] != "128") { $network_addr = gen_subnetv6($pconfig['subnet'], $pconfig['subnet_bits']); $broadcast_addr = gen_subnetv6_max($pconfig['subnet'], $pconfig['subnet_bits']); } } if (isset($network_addr) && $pconfig['subnet'] == $network_addr) { $input_errors[] = gettext("You cannot use the network address for this VIP"); } else { if (isset($broadcast_addr) && $pconfig['subnet'] == $broadcast_addr) { $input_errors[] = gettext("You cannot use the broadcast address for this VIP"); } } } /* make sure new ip is within the subnet of a valid ip
/* checked also by javascript */ if ($_POST['method'] != "ovpn") { $input_errors[] = "Only supported address assignment is \"Managed by OpenVPN\"."; } $check_ipblock = 1; } /* valid IP */ if ($_POST['ipblock'] && $check_ipblock) { if (!is_ipaddr($_POST['ipblock'])) { $input_errors[] = "Geçerli bir IP ağ bloğu tanımlanmalıdır."; } else { if ($_POST['type'] == "tun" && intval($_POST['prefix']) > 29) { $input_errors[] = "Network mask too high for tun-style tunnels."; } else { $network = ip2long(gen_subnet($_POST['ipblock'], $_POST['prefix'])); $broadcast = ip2long(gen_subnet_max($_POST['ipblock'], $_POST['prefix'])); if ($_POST['maxcli']) { if ($_POST['type'] == "tap") { if (intval($_POST['maxcli']) > $broadcast - $network - 3) { $input_errors[] = "En fazla eş zamanlı istemci sayısı çok fazla tanımlandı."; } } else { if (intval($_POST['maxcli']) > floor(($broadcast - $network) / 4)) { $input_errors[] = "En fazla eş zamanlı istemci sayısı çok fazla tanımlandı."; } } } } } } /* Sort out the cert+key files */
} else {
    /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */
    $_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac']));
    $mac = $_POST['mac'];
    $if = $_POST['interface'];
}

/* input validation */
// is_macaddr() is the only control on what $mac may contain before it is
// placed in the shell command below.
if (!$mac || !is_macaddr($mac)) {
    $input_errors[] = "Geçerli bir MAC adresi tanımlanmalıdır.";
}
// Only non-emptiness is checked; $if is then used directly as a key into
// $config['interfaces'].
if (!$if) {
    $input_errors[] = "Geçerli bir ağ aygıtı tanımlanmalıdır.";
}

if (!$input_errors) {
    /* determine broadcast address */
    $bcip = gen_subnet_max($config['interfaces'][$if]['ipaddr'], $config['interfaces'][$if]['subnet']);
    // NOTE(review): $bcip and $mac are interpolated into the command string
    // without escapeshellarg(). $mac has passed is_macaddr(); $bcip is
    // computed from config values looked up under a request-supplied
    // interface name. Quote each argument with escapeshellarg() so the
    // command does not depend on those checks alone.
    // The result of mwexec() is not checked, so the success message below is
    // set even if the command failed.
    mwexec("/usr/local/bin/wol -i {$bcip} {$mac}");
    $savemsg = "Sent magic packet to {$mac}.";
}
}

// Delete a saved entry. This changes and writes the configuration in response
// to GET parameters.
// NOTE(review): confirm the page's CSRF protection covers GET-triggered state
// changes, or move this action to POST.
if ($_GET['act'] == "del") {
    if ($a_wol[$_GET['id']]) {
        unset($a_wol[$_GET['id']]);
        write_config();
        header("Location: services_wol.php");
        exit;
    }
}

$pgtitle = "Servisler: Wake on LAN";
include "head.inc";
?>
if ($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1']) || $_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2'])) { $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers."); } if ($_POST['domain'] && !is_domain($_POST['domain'])) { $input_errors[] = gettext("A valid domain name must be specified for the DNS domain."); } if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) { $input_errors[] = gettext("A valid IP address or hostname must be specified for the TFTP server."); } if ($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver'])) { $input_errors[] = gettext("A valid IP address must be specified for the network boot server."); } if (gen_subnet($parent_ip, $parent_sn) == $_POST['range_from']) { $input_errors[] = gettext("You cannot use the network address in the starting subnet range."); } if (gen_subnet_max($parent_ip, $parent_sn) == $_POST['range_to']) { $input_errors[] = gettext("You cannot use the broadcast address in the ending subnet range."); } // Disallow a range that includes the virtualip if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $vip) { if ($vip['interface'] == $if) { if ($vip['subnet'] && is_inrange_v4($vip['subnet'], $_POST['range_from'], $_POST['range_to'])) { $input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IP address %s."), $vip['subnet']); } } } } $noip = false; if (is_array($a_maps)) { foreach ($a_maps as $map) {
} if ($_POST['lipaddr']) { if (!is_ipaddr($_POST['lipaddr'])) { $input_errors[] = "A valid static local IP address must be specified."; } } } else { /* tap */ if ($_POST['lipaddr']) { if (!is_ipaddr($_POST['lipaddr'])) { $input_errors[] = "A valid static local IP address must be specified."; } else { if (gen_subnet($_POST['lipaddr'], $_POST['netmask']) == $_POST['lipaddr']) { $input_errors[] = "Local IP address is subnet address."; } else { if (gen_subnet_max($_POST['lipaddr'], $_POST['netmask']) == $_POST['lipaddr']) { $input_errors[] = "Local IP address is broadcast address."; } } } } } if (!empty($_POST['pre-shared-key']) && (!strstr($_POST['pre-shared-key'], "BEGIN OpenVPN Static key") || !strstr($_POST['pre-shared-key'], "END OpenVPN Static key"))) { $input_errors[] = "Pre-shared secret does not appear to be valid."; } } else { /* rsa */ $reqdfields = array_merge($reqdfields, explode(" ", "ca_cert cli_cert cli_key")); $reqdfieldsn = array_merge($reqdfieldsn, explode(",", "CA certificate,Client certificate,Client key")); if (!empty($_POST['ca_cert']) && (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE"))) { $input_errors[] = "The CA certificate does not appear to be valid.";