/**
* return option array for valid translation networks
*/
function formTranslateAddresses()
{
global $config;
$retval = array();
// add this hosts ips
foreach ($config['interfaces'] as $intf => $intfdata) {
if (isset($intfdata['ipaddr']) && $intfdata['ipaddr'] != 'dhcp') {
$retval[$intfdata['ipaddr']] = (!empty($intfdata['descr']) ? $intfdata['descr'] : $intf) . " " . gettext("address");
}
}
// add VIPs's
if (isset($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if (!isset($sn['noexpand'])) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
$retval[$sn['subnet'] . '/' . $sn['subnet_bits']] = htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$retval[$snip] = htmlspecialchars("{$snip} ({$sn['descr']})");
}
} else {
$retval[$sn['subnet']] = htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");
}
}
}
}
// add Aliases
foreach (legacy_list_aliases("network") as $alias) {
if ($alias['type'] == "host") {
$retval[$alias['name']] = $alias['name'];
}
}
return $retval;
}
$input_errors[] = gettext("A valid IPv4 address must be specified.");
} else {
$where_ipaddr_configured = where_is_ipaddr_configured($_POST['ipaddr'], $if, true, true, $_POST['subnet']);
if (count($where_ipaddr_configured)) {
$subnet_conflict_text = sprintf(gettext("IPv4 address %s is being used by or overlaps with:"), $_POST['ipaddr'] . "/" . $_POST['subnet']);
foreach ($where_ipaddr_configured as $subnet_conflict) {
$subnet_conflict_text .= " " . convert_friendly_interface_to_friendly_descr($subnet_conflict['if']) . " (" . $subnet_conflict['ip_or_subnet'] . ")";
}
$input_errors[] = $subnet_conflict_text;
}
/* Do not accept network or broadcast address, except if subnet is 31 or 32 */
if ($_POST['subnet'] < 31) {
if ($_POST['ipaddr'] == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) {
$input_errors[] = gettext("This IPv4 address is the network address and cannot be used");
} else {
if ($_POST['ipaddr'] == gen_subnet_max($_POST['ipaddr'], $_POST['subnet'])) {
$input_errors[] = gettext("This IPv4 address is the broadcast address and cannot be used");
}
}
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($_POST['subnet'] == $subnet && $network == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) {
$input_errors[] = gettext("This IPv4 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if ($_POST['ipaddrv6']) {
if ($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1']) || $_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2'])) {
$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers.");
}
if ($_POST['domain'] && !is_domain($_POST['domain'])) {
$input_errors[] = gettext("A valid domain name must be specified for the DNS domain.");
}
if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) {
$input_errors[] = gettext("A valid IP address or hostname must be specified for the TFTP server.");
}
if ($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver'])) {
$input_errors[] = gettext("A valid IP address must be specified for the network boot server.");
}
if (gen_subnet($ifcfgip, $ifcfgsn) == $_POST['range_from']) {
$input_errors[] = gettext("You cannot use the network address in the starting subnet range.");
}
if (gen_subnet_max($ifcfgip, $ifcfgsn) == $_POST['range_to']) {
$input_errors[] = gettext("You cannot use the broadcast address in the ending subnet range.");
}
// Disallow a range that includes the virtualip
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['interface'] == $if) {
if ($vip['subnet'] && is_inrange_v4($vip['subnet'], $_POST['range_from'], $_POST['range_to'])) {
$input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IP address %s."), $vip['subnet']);
}
}
}
}
$noip = false;
if (is_array($a_maps)) {
foreach ($a_maps as $map) {
$input_errors[] = gettext("This IP address is being used by another interface or VIP.");
}
unset($ignore_if, $ignore_mode);
}
}
$natiflist = get_configured_interface_with_descr();
foreach ($natiflist as $natif => $natdescr) {
if ($_POST['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
$input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
}
}
/* ipalias and carp should not use network or broadcast address */
if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") {
if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") {
$network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']);
$broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']);
} else {
if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128") {
$network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']);
$broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']);
}
}
if (isset($network_addr) && $_POST['subnet'] == $network_addr) {
$input_errors[] = gettext("You cannot use the network address for this VIP");
} else {
if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr) {
$input_errors[] = gettext("You cannot use the broadcast address for this VIP");
}
}
}
/* make sure new ip is within the subnet of a valid ip
}
}
if (is_array($config['virtualip']) && isset($pkga['showvirtualips'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if (!preg_match("/{$interface_regex}/", $vip['interface'])) {
$vip_description = $vip['descr'] != "" ? " ({$vip['descr']}) " : " ";
}
switch ($vip['mode']) {
case "ipalias":
case "carp":
$ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}");
break;
case "proxyarp":
if ($vip['type'] == "network") {
$start = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
$end = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$ips[] = array('ip' => long2ip32($start + $i), 'description' => long2ip32($start + $i) . " from {$vip['subnet']}/{$vip['subnet_bits']} {$vip_description}");
}
} else {
$ips[] = array('ip' => $vip['subnet'], 'description' => "{$vip['subnet']} {$vip_description}");
}
break;
}
}
}
sort($ips);
if (isset($pkga['showlistenall'])) {
array_unshift($ips, array('ip' => gettext('All'), 'description' => gettext('Listen on All interfaces/ip addresses ')));
}
function build_target_list()
{
global $config, $sn, $a_aliases;
$list = array();
$list[""] = gettext('Interface Address');
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if (isset($sn['noexpand'])) {
continue;
}
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
$list[$sn['subnet'] . '/' . $sn['subnet_bits']] = 'Subnet: ' . $sn['subnet'] . '/' . $sn['subnet_bits'] . ' (' . $sn['descr'] . ')';
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $snip . ' (' . $sn['descr'] . ')';
}
} else {
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
}
}
}
foreach ($a_aliases as $alias) {
if ($alias['type'] != "host") {
continue;
}
$list[$alias['name']] = gettext('Host Alias: ') . $alias['name'] . ' (' . $alias['descr'] . ')';
}
$list['other-subnet'] = gettext('Other Subnet (Enter Below)');
return $list;
}
$if = $_POST['interface'];
}
/* input validation */
if (!$mac || !is_macaddr($mac)) {
$input_errors[] = gettext("A valid MAC address must be specified.");
}
if (!$if) {
$input_errors[] = gettext("A valid interface must be specified.");
}
if (!$input_errors) {
/* determine broadcast address */
$ipaddr = get_interface_ip($if);
if (!is_ipaddr($ipaddr)) {
$input_errors[] = gettext("A valid ip could not be found!");
} else {
$bcip = gen_subnet_max($ipaddr, get_interface_subnet($if));
/* Execute wol command and check return code. */
if (!mwexec("/usr/local/bin/wol -i {$bcip} " . escapeshellarg($mac))) {
$savemsg .= sprintf(gettext("Sent magic packet to %s."), $mac);
} else {
$savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'), '<a href="/diag_logs.php">', '</a>', $mac, ".<br />");
}
}
}
}
if ($_GET['act'] == "del") {
if ($a_wol[$_GET['id']]) {
unset($a_wol[$_GET['id']]);
write_config();
header("Location: services_wol.php");
exit;
break;
}
/* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */
$staticroutes = get_staticroutes(true);
if (!empty($pconfig['ipaddr'])) {
if (!is_ipaddrv4($pconfig['ipaddr'])) {
$input_errors[] = gettext("A valid IPv4 address must be specified.");
} else {
if (is_ipaddr_configured($pconfig['ipaddr'], $if, true)) {
$input_errors[] = gettext("This IPv4 address is being used by another interface or VIP.");
}
/* Do not accept network or broadcast address, except if subnet is 31 or 32 */
if ($pconfig['subnet'] < 31) {
if ($pconfig['ipaddr'] == gen_subnet($pconfig['ipaddr'], $pconfig['subnet'])) {
$input_errors[] = gettext("This IPv4 address is the network address and cannot be used");
} elseif ($pconfig['ipaddr'] == gen_subnet_max($pconfig['ipaddr'], $pconfig['subnet'])) {
$input_errors[] = gettext("This IPv4 address is the broadcast address and cannot be used");
}
}
foreach ($staticroutes as $route_subnet) {
list($network, $subnet) = explode("/", $route_subnet);
if ($pconfig['subnet'] == $subnet && $network == gen_subnet($pconfig['ipaddr'], $pconfig['subnet'])) {
$input_errors[] = gettext("This IPv4 address conflicts with a Static Route.");
break;
}
unset($network, $subnet);
}
}
}
if (!empty($pconfig['ipaddrv6'])) {
if (!is_ipaddrv6($pconfig['ipaddrv6'])) {
function build_radiusnas_list()
{
$list = array();
$iflist = get_configured_interface_with_descr();
foreach ($iflist as $ifdesc => $ifdescr) {
$ipaddr = get_interface_ip($ifdesc);
if (is_ipaddr($ipaddr)) {
$list[$ifdescr] = $ifdescr . ' - ' . $ipaddr;
}
}
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $sn['descr'] . ' - ' . $snip;
}
} else {
$list[$sn['subnet']] = $sn['descr'] . ' - ' . $sn['subnet'];
}
}
}
return $list;
}
function build_dsttype_list()
{
global $pconfig, $config, $ifdisp;
$sel = is_specialnet($pconfig['dst']);
$list = array('any' => 'Any', 'single' => 'Single host or alias', 'network' => 'Network', '(self)' => 'This Firewall (self)');
if (have_ruleint_access("pppoe")) {
$list['pppoe'] = 'PPPoE clients';
}
if (have_ruleint_access("l2tp")) {
$list['l2tp'] = 'L2TP clients';
}
foreach ($ifdisp as $if => $ifdesc) {
if (have_ruleint_access($if)) {
$list[$if] = $ifdesc;
$list[$if . 'ip'] = $ifdesc . ' address';
}
}
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
if (isset($sn['noexpand'])) {
continue;
}
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $snip . ' (' . $sn['descr'] . ')';
}
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
} else {
$list[$sn['subnet']] = $sn['subnet'] . ' (' . $sn['descr'] . ')';
}
}
}
return $list;
}
if (is_ipaddr_configured($pconfig['subnet'], $ignore_if)) {
$input_errors[] = gettext("This IP address is being used by another interface or VIP.");
}
}
}
$natiflist = get_configured_interface_with_descr();
foreach ($natiflist as $natif => $natdescr) {
if ($pconfig['interface'] == $natif && (empty($config['interfaces'][$natif]['ipaddr']) && empty($config['interfaces'][$natif]['ipaddrv6']))) {
$input_errors[] = gettext("The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP.");
}
}
/* ipalias and carp should not use network or broadcast address */
if ($pconfig['mode'] == "ipalias" || $pconfig['mode'] == "carp") {
if (is_ipaddrv4($pconfig['subnet']) && $pconfig['subnet_bits'] != "32") {
$network_addr = gen_subnet($pconfig['subnet'], $pconfig['subnet_bits']);
$broadcast_addr = gen_subnet_max($pconfig['subnet'], $pconfig['subnet_bits']);
} else {
if (is_ipaddrv6($pconfig['subnet']) && $_POST['subnet_bits'] != "128") {
$network_addr = gen_subnetv6($pconfig['subnet'], $pconfig['subnet_bits']);
$broadcast_addr = gen_subnetv6_max($pconfig['subnet'], $pconfig['subnet_bits']);
}
}
if (isset($network_addr) && $pconfig['subnet'] == $network_addr) {
$input_errors[] = gettext("You cannot use the network address for this VIP");
} else {
if (isset($broadcast_addr) && $pconfig['subnet'] == $broadcast_addr) {
$input_errors[] = gettext("You cannot use the broadcast address for this VIP");
}
}
}
/* make sure new ip is within the subnet of a valid ip
/* checked also by javascript */
if ($_POST['method'] != "ovpn") {
$input_errors[] = "Only supported address assignment is \"Managed by OpenVPN\".";
}
$check_ipblock = 1;
}
/* valid IP */
if ($_POST['ipblock'] && $check_ipblock) {
if (!is_ipaddr($_POST['ipblock'])) {
$input_errors[] = "Geçerli bir IP ağ bloğu tanımlanmalıdır.";
} else {
if ($_POST['type'] == "tun" && intval($_POST['prefix']) > 29) {
$input_errors[] = "Network mask too high for tun-style tunnels.";
} else {
$network = ip2long(gen_subnet($_POST['ipblock'], $_POST['prefix']));
$broadcast = ip2long(gen_subnet_max($_POST['ipblock'], $_POST['prefix']));
if ($_POST['maxcli']) {
if ($_POST['type'] == "tap") {
if (intval($_POST['maxcli']) > $broadcast - $network - 3) {
$input_errors[] = "En fazla eş zamanlı istemci sayısı çok fazla tanımlandı.";
}
} else {
if (intval($_POST['maxcli']) > floor(($broadcast - $network) / 4)) {
$input_errors[] = "En fazla eş zamanlı istemci sayısı çok fazla tanımlandı.";
}
}
}
}
}
}
/* Sort out the cert+key files */
} else {
/* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */
$_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac']));
$mac = $_POST['mac'];
$if = $_POST['interface'];
}
/* input validation */
if (!$mac || !is_macaddr($mac)) {
$input_errors[] = "Geçerli bir MAC adresi tanımlanmalıdır.";
}
if (!$if) {
$input_errors[] = "Geçerli bir ağ aygıtı tanımlanmalıdır.";
}
if (!$input_errors) {
/* determine broadcast address */
$bcip = gen_subnet_max($config['interfaces'][$if]['ipaddr'], $config['interfaces'][$if]['subnet']);
mwexec("/usr/local/bin/wol -i {$bcip} {$mac}");
$savemsg = "Sent magic packet to {$mac}.";
}
}
if ($_GET['act'] == "del") {
if ($a_wol[$_GET['id']]) {
unset($a_wol[$_GET['id']]);
write_config();
header("Location: services_wol.php");
exit;
}
}
$pgtitle = "Servisler: Wake on LAN";
include "head.inc";
?>
if ($_POST['ntp1'] && !is_ipaddrv4($_POST['ntp1']) || $_POST['ntp2'] && !is_ipaddrv4($_POST['ntp2'])) {
$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary NTP servers.");
}
if ($_POST['domain'] && !is_domain($_POST['domain'])) {
$input_errors[] = gettext("A valid domain name must be specified for the DNS domain.");
}
if ($_POST['tftp'] && !is_ipaddrv4($_POST['tftp']) && !is_domain($_POST['tftp']) && !is_URL($_POST['tftp'])) {
$input_errors[] = gettext("A valid IP address or hostname must be specified for the TFTP server.");
}
if ($_POST['nextserver'] && !is_ipaddrv4($_POST['nextserver'])) {
$input_errors[] = gettext("A valid IP address must be specified for the network boot server.");
}
if (gen_subnet($parent_ip, $parent_sn) == $_POST['range_from']) {
$input_errors[] = gettext("You cannot use the network address in the starting subnet range.");
}
if (gen_subnet_max($parent_ip, $parent_sn) == $_POST['range_to']) {
$input_errors[] = gettext("You cannot use the broadcast address in the ending subnet range.");
}
// Disallow a range that includes the virtualip
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['interface'] == $if) {
if ($vip['subnet'] && is_inrange_v4($vip['subnet'], $_POST['range_from'], $_POST['range_to'])) {
$input_errors[] = sprintf(gettext("The subnet range cannot overlap with virtual IP address %s."), $vip['subnet']);
}
}
}
}
$noip = false;
if (is_array($a_maps)) {
foreach ($a_maps as $map) {
}
if ($_POST['lipaddr']) {
if (!is_ipaddr($_POST['lipaddr'])) {
$input_errors[] = "A valid static local IP address must be specified.";
}
}
} else {
/* tap */
if ($_POST['lipaddr']) {
if (!is_ipaddr($_POST['lipaddr'])) {
$input_errors[] = "A valid static local IP address must be specified.";
} else {
if (gen_subnet($_POST['lipaddr'], $_POST['netmask']) == $_POST['lipaddr']) {
$input_errors[] = "Local IP address is subnet address.";
} else {
if (gen_subnet_max($_POST['lipaddr'], $_POST['netmask']) == $_POST['lipaddr']) {
$input_errors[] = "Local IP address is broadcast address.";
}
}
}
}
}
if (!empty($_POST['pre-shared-key']) && (!strstr($_POST['pre-shared-key'], "BEGIN OpenVPN Static key") || !strstr($_POST['pre-shared-key'], "END OpenVPN Static key"))) {
$input_errors[] = "Pre-shared secret does not appear to be valid.";
}
} else {
/* rsa */
$reqdfields = array_merge($reqdfields, explode(" ", "ca_cert cli_cert cli_key"));
$reqdfieldsn = array_merge($reqdfieldsn, explode(",", "CA certificate,Client certificate,Client key"));
if (!empty($_POST['ca_cert']) && (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE"))) {
$input_errors[] = "The CA certificate does not appear to be valid.";
