/**
* return option array for valid translation networks
*/
function formTranslateAddresses()
{
global $config;
$retval = array();
// add this hosts ips
foreach ($config['interfaces'] as $intf => $intfdata) {
if (isset($intfdata['ipaddr']) && $intfdata['ipaddr'] != 'dhcp') {
$retval[$intfdata['ipaddr']] = (!empty($intfdata['descr']) ? $intfdata['descr'] : $intf) . " " . gettext("address");
}
}
// add VIPs's
if (isset($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if (!isset($sn['noexpand'])) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
$retval[$sn['subnet'] . '/' . $sn['subnet_bits']] = htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$retval[$snip] = htmlspecialchars("{$snip} ({$sn['descr']})");
}
} else {
$retval[$sn['subnet']] = htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");
}
}
}
}
// add Aliases
foreach (legacy_list_aliases("network") as $alias) {
if ($alias['type'] == "host") {
$retval[$alias['name']] = $alias['name'];
}
}
return $retval;
}
/**
* delete virtual ip
*/
function deleteVIPEntry($id)
{
global $config;
$input_errors = array();
$a_vip =& $config['virtualip']['vip'];
/* make sure no inbound NAT mappings reference this entry */
if (isset($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if (!empty($rule['destination']['address'])) {
if ($rule['destination']['address'] == $a_vip[$id]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (is_ipaddrv6($a_vip[$id]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$id]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$id]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$id]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$id]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$id]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (isset($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$id]['interface'] != $gateway['interface']) {
continue;
}
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
continue;
}
if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
continue;
}
if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
continue;
}
if (ip_in_subnet($gateway['gateway'], $subnet)) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
break;
}
}
}
if ($a_vip[$id]['mode'] == "ipalias") {
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits'];
$found_if = false;
$found_carp = false;
$found_other_alias = false;
if ($subnet == $if_subnet) {
$found_if = true;
}
$vipiface = $a_vip[$id]['interface'];
foreach ($a_vip as $vip_id => $vip) {
if ($vip_id != $id) {
if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet)) {
if ($vip['mode'] == "carp") {
$found_carp = true;
} else {
if ($vip['mode'] == "ipalias") {
$found_other_alias = true;
}
}
}
}
}
if ($found_carp === true && $found_other_alias === false && $found_if === false) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}.";
}
}
if (count($input_errors) == 0) {
// Special case since every proxyarp vip is handled by the same daemon.
if ($a_vip[$id]['mode'] == "proxyarp") {
$viface = $a_vip[$id]['interface'];
unset($a_vip[$id]);
interface_proxyarp_configure($viface);
} else {
interface_vip_bring_down($a_vip[$id]);
unset($a_vip[$id]);
}
if (count($config['virtualip']['vip']) == 0) {
unset($config['virtualip']['vip']);
}
}
return $input_errors;
}
$input_errors[] = sprintf(gettext("The IP address cannot be the %s network address."), $ifcfgdescr);
}
if ($ipaddr_int == $lansubnet_end) {
$input_errors[] = sprintf(gettext("The IP address cannot be the %s broadcast address."), $ifcfgdescr);
}
}
if ($_POST['gateway'] && !is_ipaddrv4($_POST['gateway'])) {
$input_errors[] = gettext("A valid IP address must be specified for the gateway.");
}
if ($_POST['wins1'] && !is_ipaddrv4($_POST['wins1']) || $_POST['wins2'] && !is_ipaddrv4($_POST['wins2'])) {
$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary WINS servers.");
}
$parent_ip = get_interface_ip($POST['if']);
if (is_ipaddrv4($parent_ip) && $_POST['gateway']) {
$parent_sn = get_interface_subnet($_POST['if']);
if (!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) {
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']);
}
}
if ($_POST['dns1'] && !is_ipaddrv4($_POST['dns1']) || $_POST['dns2'] && !is_ipaddrv4($_POST['dns2']) || $_POST['dns3'] && !is_ipaddrv4($_POST['dns3']) || $_POST['dns4'] && !is_ipaddrv4($_POST['dns4'])) {
$input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers.");
}
if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || $_POST['deftime'] < 60)) {
$input_errors[] = gettext("The default lease time must be at least 60 seconds.");
}
if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || $_POST['maxtime'] < 60 || $_POST['maxtime'] <= $_POST['deftime'])) {
$input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time.");
}
if ($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain'])) {
$input_errors[] = gettext("A valid domain name must be specified for the dynamic DNS registration.");
}
echo htmlspecialchars($pconfig['descr']);
?>
" />
</td>
</tr>
<?php
}
?>
<tr>
<td width="22%" valign="top" class="vncellreq"><?php
echo gettext("Subnet");
?>
</td>
<td width="78%" class="vtable">
<?php
echo gen_subnet($ifcfgip, $ifcfgsn);
?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?php
echo gettext("Subnet mask");
?>
</td>
<td width="78%" class="vtable">
<?php
echo gen_subnet_mask($ifcfgsn);
?>
</td>
</tr>
<tr>
$input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members.");
}
if ($_POST['interface'] == 'lo0') {
$input_errors[] = gettext("For this type of vip localhost is not allowed.");
} else {
if (strpos($_POST['interface'], '_vip')) {
$input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
}
}
break;
case 'ipalias':
if (strstr($_POST['interface'], "_vip")) {
if (is_ipaddrv4($_POST['subnet'])) {
$parent_ip = get_interface_ip($_POST['interface']);
$parent_sn = get_interface_subnet($_POST['interface']);
$subnet = gen_subnet($parent_ip, $parent_sn);
} else {
if (is_ipaddrv6($_POST['subnet'])) {
$parent_ip = get_interface_ipv6($_POST['interface']);
$parent_sn = get_interface_subnetv6($_POST['interface']);
$subnet = gen_subnetv6($parent_ip, $parent_sn);
}
}
if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
$cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'];
$input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."), $cannot_find);
}
unset($parent_ip, $parent_sn, $subnet);
}
break;
default:
* user has enabled advanced outbound nat -- lets automatically create entries
* for all of the interfaces to make life easier on the pip-o-chap
*/
$ifdescrs = array('lan');
for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
$ifdescrs[] = "opt" . $j;
}
foreach ($ifdescrs as $if) {
if ($if != "lan" and $if != "wan") {
/* interface is an optional. is it enabled? */
if (!isset($config['interfaces'][$if]['enabled'])) {
continue;
}
}
$natent = array();
$osn = gen_subnet($config['interfaces'][$if]['ipaddr'], $config['interfaces'][$if]['subnet']);
$natent['source']['network'] = $osn . "/" . $config['interfaces'][$if]['subnet'];
$natent['sourceport'] = "";
$int_description = $config['interfaces'][$if]['descr'];
if ($if == "lan") {
$int_description = "LAN";
}
$natent['descr'] = "Auto created rule for {$int_description}";
$natent['target'] = "";
$natent['interface'] = "wan";
$natent['destination']['any'] = true;
$natent['natport'] = "";
$a_out[] = $natent;
}
$savemsg = "Default rules for each interface have been created.";
}
}
}
}
if (is_array($config['virtualip']) && isset($pkga['showvirtualips'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if (!preg_match("/{$interface_regex}/", $vip['interface'])) {
$vip_description = $vip['descr'] != "" ? " ({$vip['descr']}) " : " ";
}
switch ($vip['mode']) {
case "ipalias":
case "carp":
$ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}");
break;
case "proxyarp":
if ($vip['type'] == "network") {
$start = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
$end = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$ips[] = array('ip' => long2ip32($start + $i), 'description' => long2ip32($start + $i) . " from {$vip['subnet']}/{$vip['subnet_bits']} {$vip_description}");
}
} else {
$ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}");
}
break;
}
}
}
sort($ips);
if (isset($pkga['showlistenall'])) {
array_unshift($ips, array('ip' => gettext('All'), 'description' => gettext('Listen on All interfaces/ip addresses ')));
<input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("Deny unknown clients");?></strong><br />
<?=gettext("If this is checked, only the clients defined below will get DHCP leases from this server. ");?></td>
</tr>
<?php if (is_numeric($pool) || ($act == "newpool")): ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Pool Description");?></td>
<td width="78%" class="vtable">
<input name="descr" type="text" class="form-control unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" />
</td>
</tr>
<?php endif; ?>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet");?></td>
<td width="78%" class="vtable">
<?=gen_subnet($ifcfgip, $ifcfgsn);?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Subnet mask");?></td>
<td width="78%" class="vtable">
<?=gen_subnet_mask($ifcfgsn);?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Available range");?></td>
<td width="78%" class="vtable">
<?php
$range_from = ip2long(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn)));
$range_from++;
echo long2ip32($range_from);
<td width="78%" class="vtable">
<input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php
if ($pconfig['denyunknown']) {
echo "checked";
}
?>
>
<strong>Bilinmeyen istemcileri engelle</strong><br>
Eğer bu alan seçilirse, sadece tanımlanmış olan istemcilere IP dağıtılacaktır
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Alt ağ</td>
<td width="78%" class="vtable">
<?php
echo gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Alt ağ
maskesi</td>
<td width="78%" class="vtable">
<?php
echo gen_subnet_mask($ifcfg['subnet']);
?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Mevcut aralık</td>
<td width="78%" class="vtable">
function build_dsttype_list()
{
global $pconfig, $config, $ifdisp;
$sel = is_specialnet($pconfig['dst']);
$list = array('any' => 'Any', 'single' => 'Single host or alias', 'network' => 'Network', '(self)' => 'This Firewall (self)');
if (have_ruleint_access("pppoe")) {
$list['pppoe'] = 'PPPoE clients';
}
if (have_ruleint_access("l2tp")) {
$list['l2tp'] = 'L2TP clients';
}
foreach ($ifdisp as $if => $ifdesc) {
if (have_ruleint_access($if)) {
$list[$if] = $ifdesc;
$list[$if . 'ip'] = $ifdesc . ' address';
}
}
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
if (isset($sn['noexpand'])) {
continue;
}
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $snip . ' (' . $sn['descr'] . ')';
}
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
} else {
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
}
}
}
return $list;
}
// allow alldirs
} else {
if (isset($_POST['quiet'])) {
// might be delayed mount
} else {
if (isset($_POST['alldirs']) && !ismounted_or_dataset($path)) {
$input_errors[] = sprintf(gettext("All dirs requires mounted path, but Path %s is not mounted."), $path);
}
}
}
if (empty($input_errors)) {
$share = array();
$share['uuid'] = $_POST['uuid'];
$share['path'] = $path;
$share['mapall'] = $_POST['mapall'];
$share['network'] = gen_subnet($_POST['network'], $_POST['mask']) . "/" . $_POST['mask'];
$share['comment'] = $_POST['comment'];
$share['v4rootdir'] = isset($_POST['v4rootdir']) ? true : false;
$share['options']['alldirs'] = isset($_POST['alldirs']) ? true : false;
$share['options']['ro'] = isset($_POST['readonly']) ? true : false;
$share['options']['quiet'] = isset($_POST['quiet']) ? true : false;
if (isset($uuid) && FALSE !== $cnid) {
$a_share[$cnid] = $share;
$mode = UPDATENOTIFY_MODE_MODIFIED;
} else {
$a_share[] = $share;
$mode = UPDATENOTIFY_MODE_NEW;
}
updatenotify_set("nfsshare", $mode, $share['uuid']);
write_config();
header("Location: services_nfs_share.php");
if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) {
$input_errors[] = gettext("This IP address is being used by another interface or VIP.");
}
unset($ignore_if, $ignore_mode);
}
}
$natiflist = get_configured_interface_with_descr();
foreach ($natiflist as $natif => $natdescr) {
if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
$input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
}
}
/* ipalias and carp should not use network or broadcast address */
if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") {
if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32" && $_POST['subnet_bits'] != "31") {
$network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']);
$broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']);
} else {
if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128") {
$network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']);
$broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']);
}
}
if (isset($network_addr) && $_POST['subnet'] == $network_addr) {
$input_errors[] = gettext("You cannot use the network address for this VIP");
} else {
if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) {
$input_errors[] = gettext("You cannot use the broadcast address for this VIP");
}
}
}
}
if (!empty($retval)) {
$input_errors[] = $retval;
}
}
}
if (!$input_errors) {
$ovpnent['enable'] = isset($_POST['disabled']) ? false : true;
$ovpnent['bind_iface'] = $_POST['bind_iface'];
$ovpnent['port'] = $_POST['port'];
$ovpnent['proto'] = $_POST['proto'];
$ovpnent['type'] = $_POST['type'];
$ovpnent['method'] = $_POST['method'];
$ovpnent['authentication_method'] = $_POST['authentication_method'];
/* convert IP address block to a correct network IP address */
$ovpnent['ipblock'] = gen_subnet($_POST['ipblock'], $_POST['prefix']);
$ovpnent['prefix'] = $_POST['prefix'];
$ovpnent['lipaddr'] = $_POST['lipaddr'];
$ovpnent['ripaddr'] = $_POST['ripaddr'];
$ovpnent['netmask'] = $_POST['netmask'];
$ovpnent['range_from'] = $_POST['range_from'];
$ovpnent['range_to'] = $_POST['range_to'];
$ovpnent['gateway'] = $_POST['gateway'];
$ovpnent['bridge'] = $_POST['bridge'];
$ovpnent['descr'] = $_POST['descr'];
$ovpnent['verb'] = $_POST['verb'];
$ovpnent['maxcli'] = $_POST['maxcli'];
$ovpnent['crypto'] = $_POST['crypto'];
$ovpnent['comp_method'] = $_POST['comp_method'];
$ovpnent['cli2cli'] = $_POST['cli2cli'] ? true : false;
$ovpnent['dupcn'] = $_POST['dupcn'] ? true : false;
/* make sure no inbound NAT mappings reference this entry */
if (is_array($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if ($rule['destination']['address'] != "") {
if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if ($a_vip[$_GET['id']]['mode'] == "ipalias") {
$vipiface = $a_vip[$_GET['id']]['interface'];
foreach ($a_vip as $vip) {
if ($vip['interface'] == $vipiface && $vip['mode'] == "carp") {
if (ip_in_subnet($vip['subnet'], gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']) . "/" . $a_vip[$_GET['id']]['subnet_bits'])) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by CARP") . " {$vip['descr']}.";
}
}
}
} else {
if ($a_vip[$_GET['id']]['mode'] == "carp") {
$vipiface = "{$a_vip[$_GET['id']]['interface']}_vip{$a_vip[$_GET['id']]['vhid']}";
foreach ($a_vip as $vip) {
if ($vipiface == $vip['interface'] && $vip['mode'] == "ipalias") {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by ip alias entry") . " {$vip['descr']}.";
}
}
}
}
if (!$input_errors) {
function build_target_list()
{
global $config, $sn, $a_aliases;
$list = array();
$list[""] = gettext('Interface Address');
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if (isset($sn['noexpand'])) {
continue;
}
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
$list[$sn['subnet'] . '/' . $sn['subnet_bits']] = 'Subnet: ' . $sn['subnet'] . '/' . $sn['subnet_bits'] . ' (' . $sn['descr'] . ')';
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $snip . ' (' . $sn['descr'] . ')';
}
} else {
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
}
}
}
foreach ($a_aliases as $alias) {
if ($alias['type'] != "host") {
continue;
}
$list[$alias['name']] = gettext('Host Alias: ') . $alias['name'] . ' (' . $alias['descr'] . ')';
}
$list['other-subnet'] = gettext('Other Subnet (Enter Below)');
return $list;
}
require_once 'guiconfig.inc';
require_once 'interfaces.inc';
require_once 'pfsense-utils.inc';
require_once 'util.inc';
$listedIPs = "";
//get interface IP and break up into an array
$interface = $_GET['if'];
$real_interface = get_real_interface($interface);
if (!does_interface_exist($real_interface)) {
echo gettext("Wrong Interface");
return;
}
$intip = find_interface_ip($real_interface);
//get interface subnet
$netmask = find_interface_subnet($real_interface);
$intsubnet = gen_subnet($intip, $netmask) . "/{$netmask}";
// see if they want local, remote or all IPs returned
$filter = $_GET['filter'];
if ($filter == "") {
$filter = "local";
}
if ($filter == "local") {
$ratesubnet = "-c " . $intsubnet;
} else {
// Tell the rate utility to consider the whole internet (0.0.0.0/0)
// and to consider local "l" traffic - i.e. traffic within the whole internet
// then we can filter the resulting output as we wish below.
$ratesubnet = "-lc 0.0.0.0/0";
}
//get the sort method
$sort = $_GET['sort'];
continue;
}
if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
continue;
}
if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
continue;
}
if (ip_in_subnet($gateway['gateway'], $subnet)) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
break;
}
}
}
if ($a_vip[$_GET['id']]['mode'] == "ipalias") {
$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']) . "/" . $a_vip[$_GET['id']]['subnet_bits'];
$found_if = false;
$found_carp = false;
$found_other_alias = false;
if ($subnet == $if_subnet) {
$found_if = true;
}
$vipiface = $a_vip[$_GET['id']]['interface'];
foreach ($a_vip as $vip_id => $vip) {
if ($vip_id == $_GET['id']) {
continue;
}
if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet)) {
if ($vip['mode'] == "carp") {
$found_carp = true;
} else {
}
if ($_POST['gateway'] && is_ipaddr($_POST['gateway']) && !$_REQUEST['isAjax']) {
if (is_ipaddrv4($_POST['gateway'])) {
$parent_ip = get_interface_ip($_POST['interface']);
$parent_sn = get_interface_subnet($_POST['interface']);
if (empty($parent_ip) || empty($parent_sn)) {
$input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.");
} elseif (!isset($_POST["nonlocalgateway"])) {
$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
$vips = link_interface_to_vips($_POST['interface']);
if (is_array($vips)) {
foreach ($vips as $vip) {
if (!is_ipaddrv4($vip['subnet'])) {
continue;
}
$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
}
}
$found = false;
foreach ($subnets as $subnet) {
if (ip_in_subnet($_POST['gateway'], $subnet)) {
$found = true;
break;
}
}
if ($found === false) {
$input_errors[] = sprintf(gettext("The gateway address %1\$s does not lie within one of the chosen interface's subnets."), $_POST['gateway']);
}
}
} else {
if (is_ipaddrv6($_POST['gateway'])) {
if ($_POST['gateway'] && !is_ipaddr($_POST['gateway'])) {
$input_errors[] = gettext("A valid gateway IP address must be specified.");
}
if ($_POST['gateway'] && $_POST['network']) {
if (is_ipv4addr($_POST['gateway']) && !is_ipv4addr($_POST['network'])) {
$input_errors[] = gettext("You must enter the same IP type for network and gateway.");
} else {
if (is_ipv6addr($_POST['gateway']) && !is_ipv6addr($_POST['network'])) {
$input_errors[] = gettext("IP type mismatch for network and gateway.");
}
}
}
// Check for overlaps
// gen_subnet work for IPv4 only... This function permit to fix user input error for network number.
if (is_ipv4addr($_POST['network'])) {
$osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
} else {
$osn = $_POST['network'] . "/" . $_POST['network_subnet'];
}
$index = array_search_ex($osn, $a_routes, "network");
if (FALSE !== $index) {
if (!(FALSE !== $cnid && $a_routes[$cnid]['uuid'] === $a_routes[$index]['uuid'])) {
$input_errors[] = gettext("A route to this destination network already exists.");
}
}
if (!$input_errors) {
$route = array();
$route['uuid'] = $_POST['uuid'];
$route['interface'] = $_POST['interface'];
$route['network'] = $osn;
$route['gateway'] = $_POST['gateway'];
function build_radiusnas_list()
{
$list = array();
$iflist = get_configured_interface_with_descr();
foreach ($iflist as $ifdesc => $ifdescr) {
$ipaddr = get_interface_ip($ifdesc);
if (is_ipaddr($ipaddr)) {
$list[$ifdescr] = $ifdescr . ' - ' . $ipaddr;
}
}
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $sn['descr'] . ' - ' . $snip;
}
} else {
$list[$sn['subnet']] = $sn['descr'] . ' - ' . $sn['subnet'];
}
}
}
return $list;
}
if ($_POST['secret'] != $_POST['secret_confirm']) {
$input_errors[] = gettext("Secret and confirmation must match");
}
if ($_POST['radiussecret'] != $_POST['radiussecret_confirm']) {
$input_errors[] = gettext("Secret and confirmation must match");
}
if (!is_numericint($_POST['n_l2tp_units']) || $_POST['n_l2tp_units'] > 255) {
$input_errors[] = gettext("Number of L2TP users must be between 1 and 255");
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
if (!$input_errors) {
$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['l2tp_subnet']);
$subnet_start = ip2ulong($_POST['remoteip']);
$subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_l2tp_units'] - 1;
if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) {
$input_errors[] = gettext("The specified server address lies in the remote subnet.");
}
if ($_POST['localip'] == get_interface_ip("lan")) {
$input_errors[] = gettext("The specified server address is equal to the LAN interface address.");
}
}
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
if (!$pconfig['target']) {
echo " selected";
}
?>
><?php
echo gettext("Interface address");
?>
</option>
<?php
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if (isset($sn['noexpand'])) {
continue;
}
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
?>
<option value="<?php
echo $sn['subnet'] . '/' . $sn['subnet_bits'];
?>
" <?php
if ($sn['subnet'] . '/' . $sn['subnet_bits'] == $pconfig['target']) {
echo "selected";
}
?>
><?php
echo htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");
?>
</option>
}
display_top_tabs($tab_array);
// This form uses a non-standard submit button name
$form = new Form(new Form_Button('submit', gettext("Save")));
$section = new Form_Section('General Options');
if (!is_numeric($pool) && !($act == "newpool")) {
$section->addInput(new Form_Checkbox('enable', 'Enable', sprintf(gettext("Enable DHCP server on %s interface"), htmlspecialchars($iflist[$if])), $pconfig['enable']));
} else {
$section->addInput(new Form_StaticText(null, '<div class="alert alert-info"> Editing Pool-Specific Options. To return to the Interface, click its tab above. </div>'));
}
$section->addInput(new Form_Checkbox('denyunknown', 'Deny unknown clients', 'Only the clients defined below will get DHCP leases from this server.', $pconfig['denyunknown']));
$section->addInput(new Form_Checkbox('nonak', 'Ignore denied clients', 'Denied clients will be ignored rather than rejected.', $pconfig['nonak']));
if (is_numeric($pool) || $act == "newpool") {
$section->addInput(new Form_Input('descr', 'Pool Description', 'text', $pconfig['descr']));
}
$section->addInput(new Form_StaticText('Subnet', gen_subnet($ifcfgip, $ifcfgsn)));
$section->addInput(new Form_StaticText('Subnet mask', gen_subnet_mask($ifcfgsn)));
// Compose a string to display the required address ranges
$range_from = ip2long(gen_subnetv4($ifcfgip, $ifcfgsn));
$range_from++;
$range_to = ip2long(gen_subnetv4_max($ifcfgip, $ifcfgsn));
$range_to--;
$rangestr = long2ip32($range_from) . ' - ' . long2ip32($range_to);
if (is_numeric($pool) || $act == "newpool") {
$rangestr .= '<br />' . gettext('In-use DHCP Pool Ranges:');
if (is_array($config['dhcpd'][$if]['range'])) {
$rangestr .= '<br />' . $config['dhcpd'][$if]['range']['from'] . ' - ' . $config['dhcpd'][$if]['range']['to'];
}
foreach ($a_pools as $p) {
if (is_array($p['range'])) {
$rangestr .= '<br />' . $p['range']['from'] . ' - ' . $p['range']['to'];
$input_errors[] = gettext("A valid IPv4 address must be specified.");
} else {
if (is_ipaddr_configured($pconfig['ipaddr'], $if, true)) {
$input_errors[] = gettext("This IPv4 address is being used by another interface or VIP.");
}
/* Do not accept network or broadcast address, except if subnet is 31 or 32 */
if ($pconfig['subnet'] < 31) {
if ($pconfig['ipaddr'] == gen_subnet($pconfig['ipaddr'], $pconfig['subnet'])) {
$input_errors[] = gettext("This IPv4 address is the network address and cannot be used");
} elseif ($pconfig['ipaddr'] == gen_subnet_max($pconfig['ipaddr'], $pconfig['subnet'])) {
$input_errors[] = gettext("This IPv4 address is the broadcast address and cannot be used");
}
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($pconfig['subnet'] == $subnet && $network == gen_subnet($pconfig['ipaddr'], $pconfig['subnet'])) {
$input_errors[] = gettext("This IPv4 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if (!empty($pconfig['ipaddrv6'])) {
if (!is_ipaddrv6($pconfig['ipaddrv6'])) {
$input_errors[] = gettext("A valid IPv6 address must be specified.");
} else {
if (is_ipaddr_configured($pconfig['ipaddrv6'], $if, true)) {
$input_errors[] = gettext("This IPv6 address is being used by another interface or VIP.");
}
foreach ($staticroutes as $route_subnet) {
$reqdfieldsn = array(gettext("Server address"), gettext("Remote start address"));
if ($_POST['radiusenable']) {
$reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
$reqdfieldsn = array_merge($reqdfieldsn, array(gettext("RADIUS server address"), gettext("RADIUS shared secret")));
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) {
$input_errors[] = gettext("A valid server address must be specified.");
}
if ($_POST['pppoe_subnet'] && !is_ipaddr($_POST['remoteip'])) {
$input_errors[] = gettext("A valid remote start address must be specified.");
}
if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) {
$input_errors[] = gettext("A valid RADIUS server address must be specified.");
}
$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']);
$subnet_start = ip2ulong($_POST['remoteip']);
$subnet_end = ip2ulong($_POST['remoteip']) + $_POST['pppoe_subnet'] - 1;
if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) {
$input_errors[] = gettext("The specified server address lies in the remote subnet.");
}
if ($_POST['localip'] == get_interface_ip($_POST['interface'])) {
$input_errors[] = gettext("The specified server address is equal to an interface ip address.");
}
for ($x = 0; $x < 4999; $x++) {
if ($_POST["username{$x}"]) {
if (empty($_POST["password{$x}"])) {
$input_errors[] = sprintf(gettext("No password specified for username %s"), $_POST["username{$x}"]);
}
if ($_POST["ip{$x}"] != "" && !is_ipaddr($_POST["ip{$x}"])) {
$input_errors[] = sprintf(gettext("Incorrect ip address specified for username %s"), $_POST["username{$x}"]);
continue;
}
$old_targets[] = $tgt;
}
} else {
$old_targets[] = $oroute['network'];
}
}
$overlaps = array_intersect($current_targets, $new_targets);
$overlaps = array_diff($overlaps, $old_targets);
if (count($overlaps)) {
$input_errors[] = gettext("A route to these destination networks already exists") . ": " . implode(", ", $overlaps);
}
if (is_array($config['interfaces'])) {
foreach ($config['interfaces'] as $if) {
if (is_ipaddrv4($_POST['network']) && isset($if['ipaddr']) && isset($if['subnet']) && is_ipaddrv4($if['ipaddr']) && is_numeric($if['subnet']) && $_POST['network_subnet'] == $if['subnet'] && gen_subnet($_POST['network'], $_POST['network_subnet']) == gen_subnet($if['ipaddr'], $if['subnet'])) {
$input_errors[] = sprintf(gettext("This network conflicts with address configured on interface %s."), $if['descr']);
} else {
if (is_ipaddrv6($_POST['network']) && isset($if['ipaddrv6']) && isset($if['subnetv6']) && is_ipaddrv6($if['ipaddrv6']) && is_numeric($if['subnetv6']) && $_POST['network_subnet'] == $if['subnetv6'] && gen_subnetv6($_POST['network'], $_POST['network_subnet']) == gen_subnetv6($if['ipaddrv6'], $if['subnetv6'])) {
$input_errors[] = sprintf(gettext("This network conflicts with address configured on interface %s."), $if['descr']);
}
}
}
}
if (!$input_errors) {
$route = array();
$route['network'] = $osn;
$route['gateway'] = $_POST['gateway'];
$route['descr'] = $_POST['descr'];
if ($_POST['disabled']) {
$route['disabled'] = true;
}
$input_errors[] = $subnet_conflict_text;
}
/* Do not accept network or broadcast address, except if subnet is 31 or 32 */
if ($_POST['subnet'] < 31) {
if ($_POST['ipaddr'] == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) {
$input_errors[] = gettext("This IPv4 address is the network address and cannot be used");
} else {
if ($_POST['ipaddr'] == gen_subnet_max($_POST['ipaddr'], $_POST['subnet'])) {
$input_errors[] = gettext("This IPv4 address is the broadcast address and cannot be used");
}
}
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($_POST['subnet'] == $subnet && $network == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) {
$input_errors[] = gettext("This IPv4 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if ($_POST['ipaddrv6']) {
if (!is_ipaddrv6($_POST['ipaddrv6'])) {
$input_errors[] = gettext("A valid IPv6 address must be specified.");
} else {
if (ip_in_subnet($_POST['ipaddrv6'], "fe80::/10")) {
$input_errors[] = gettext("IPv6 link local addresses cannot be configured as an interface IP.");
}
$where_ipaddr_configured = where_is_ipaddr_configured($_POST['ipaddrv6'], $if, true, true, $_POST['subnetv6']);
newImage.setAttribute('style', 'margin-right: 5px; border: solid 1px silver; cursor: pointer;');
newImage.setAttribute('onclick', 'add_selnetwork(get_optnetwork(), get_optsubnet());');
/* divs are used to achieve proper alignement */
newImageDiv = document.createElement("div");
newImageDiv.setAttribute('style', 'float: left;');
newImageDescDiv = document.createElement("div");
newImageDescDiv.setAttribute('style', 'padding-top: 1px;');
/* add options to select */
EOD;
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$optSubnet = $config['interfaces']['opt' . $i]['subnet'];
$generatedOPTSubnet = gen_subnet($config['interfaces']['opt' . $i]['ipaddr'], $config['interfaces']['opt' . $i]['subnet']);
if (empty($optSubnet) || empty($generatedOPTSubnet)) {
continue;
}
$jscriptstr .= <<<EOD
var selOptIndex = \$('authnettype').selectedIndex;
var optNumber = \$('authnettype').options[selOptIndex].value.substr(3, \$('authnettype').options[selOptIndex].value.length);
var newOptDescription = null;
var newNetTextSpan = null;
if (optNumber == {$i}) {
newOptDescription = document.createTextNode('{$generatedOPTSubnet}/{$optSubnet}');
newNetTextSpan = document.createElement("span");
newNetTextSpan.setAttribute('id', 'opt_iface_desc');
newNetTextSpan.setAttribute('style', 'font-weight: bold; font-style: italic; vertical-align: middle;');
require_once 'guiconfig.inc';
require_once 'interfaces.inc';
require_once 'pfsense-utils.inc';
//get interface IP and break up into an array
$real_interface = get_real_interface($_GET['if']);
if (!does_interface_exist($real_interface)) {
echo gettext("Wrong Interface");
exit;
} elseif (!empty($_GET['act']) && $_GET['act'] == "top") {
//
// find top bandwitdh users
// (parts copied from bandwidth_by_ip.php)
//
//get interface subnet
$netmask = find_interface_subnet($real_interface);
$intsubnet = gen_subnet(find_interface_ip($real_interface), $netmask) . "/{$netmask}";
$cmd_args = "";
switch (!empty($_GET['filter']) ? $_GET['filter'] : "") {
case "local":
$cmd_args .= " -c " . $intsubnet . " ";
break;
case "remote":
default:
$cmd_args .= " -lc 0.0.0.0/0 ";
break;
}
if (!empty($_GET['sort']) && $_GET['sort'] == "out") {
$cmd_args .= " -T ";
} else {
$cmd_args .= " -R ";
}
}
}
if ($_POST['password'] == "") {
$input_errors[] = "VHID üyeleri arasında bir şifre paylaşımı tanımı yapılmalıdır.";
}
$can_post = true;
$found = false;
$subnet_ip = return_first_two_octets($_POST['subnet']);
$iflist = array("lan", "wan");
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$iflist['opt' . $i] = 'opt' . $i;
}
foreach ($iflist as $if) {
$ww_subnet_ip = $config['interfaces'][$if]['ipaddr'];
$ww_subnet_bits = $config['interfaces'][$if]['subnet'];
if (ip_in_subnet($_POST['subnet'], gen_subnet($ww_subnet_ip, $ww_subnet_bits) . "/" . $ww_subnet_bits)) {
$found = true;
}
}
if ($found == false) {
$cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'];
$can_post = false;
}
if ($can_post == false) {
$input_errors[] = " (\$ cannot_find) için eşleşen bir alt ağ ile arayüz bulunamadı. Lütfen bu alt için gerçek bir arabirime bir IP ekleyin.";
}
}
if (!$input_errors) {
$vipent = array();
$vipent['mode'] = $_POST['mode'];
$vipent['interface'] = $_POST['interface'];
