if ($ipaddr_int == $lansubnet_start) {
$input_errors[] = sprintf(gettext("The IP address cannot be the %s network address."), $ifcfgdescr);
}
if ($ipaddr_int == $lansubnet_end) {
$input_errors[] = sprintf(gettext("The IP address cannot be the %s broadcast address."), $ifcfgdescr);
}
}
if ($_POST['gateway'] && !is_ipaddrv4($_POST['gateway'])) {
$input_errors[] = gettext("A valid IP address must be specified for the gateway.");
}
if ($_POST['wins1'] && !is_ipaddrv4($_POST['wins1']) || $_POST['wins2'] && !is_ipaddrv4($_POST['wins2'])) {
$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary WINS servers.");
}
$parent_ip = get_interface_ip($POST['if']);
if (is_ipaddrv4($parent_ip) && $_POST['gateway']) {
$parent_sn = get_interface_subnet($_POST['if']);
if (!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) {
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']);
}
}
if ($_POST['dns1'] && !is_ipaddrv4($_POST['dns1']) || $_POST['dns2'] && !is_ipaddrv4($_POST['dns2']) || $_POST['dns3'] && !is_ipaddrv4($_POST['dns3']) || $_POST['dns4'] && !is_ipaddrv4($_POST['dns4'])) {
$input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers.");
}
if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || $_POST['deftime'] < 60)) {
$input_errors[] = gettext("The default lease time must be at least 60 seconds.");
}
if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || $_POST['maxtime'] < 60 || $_POST['maxtime'] <= $_POST['deftime'])) {
$input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time.");
}
if ($_POST['ddnsdomain'] && !is_domain($_POST['ddnsdomain'])) {
$input_errors[] = gettext("A valid domain name must be specified for the dynamic DNS registration.");
}
require "guiconfig.inc";
$if = $_GET['if'];
if ($_POST['if']) {
$if = $_POST['if'];
}
if (!$if) {
header("Location: services_dhcp.php");
exit;
}
if (!is_array($config['dhcpd'][$if]['staticmap'])) {
$config['dhcpd'][$if]['staticmap'] = array();
}
$a_maps =& $config['dhcpd'][$if]['staticmap'];
$ifcfgip = get_interface_ip($if);
$ifcfgsn = get_interface_subnet($if);
$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if);
$id = $_GET['id'];
if (isset($_POST['id'])) {
$id = $_POST['id'];
}
if (isset($id) && $a_maps[$id]) {
$pconfig['mac'] = $a_maps[$id]['mac'];
$pconfig['hostname'] = $a_maps[$id]['hostname'];
$pconfig['ipaddr'] = $a_maps[$id]['ipaddr'];
$pconfig['descr'] = base64_decode($a_maps[$id]['descr']);
} else {
$pconfig['mac'] = $_GET['mac'];
$pconfig['hostname'] = $_GET['hostname'];
$pconfig['descr'] = $_GET['descr'];
}
if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (is_array($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$_GET['id']]['interface'] != $gateway['interface']) {
continue;
}
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
continue;
}
if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
continue;
}
}
case "address":
if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) {
$input_errors[] = gettext("A valid local network IP address must be specified.");
} elseif (is_ipaddrv4($pconfig['localid_address']) && $pconfig['mode'] != "tunnel") {
$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
} elseif (is_ipaddrv6($pconfig['localid_address']) && $pconfig['mode'] != "tunnel6") {
$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
}
break;
}
/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
if (isset($config['interfaces'][$pconfig['localid_type']])) {
// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
$address = get_interface_ip($pconfig['localid_type']);
$netbits = get_interface_subnet($pconfig['localid_type']);
if (empty($address) || empty($netbits)) {
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
}
}
if (!empty($pconfig['natlocalid_address'])) {
switch ($pconfig['natlocalid_type']) {
case "network":
if ($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits'] || !is_numeric($pconfig['natlocalid_netbits'])) {
$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
}
if ($pconfig['localid_type'] == "address") {
$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
}
// address rules also apply to network type (hence, no break)
// address rules also apply to network type (hence, no break)
$if = $_POST['interface'];
}
/* input validation */
if (!$mac || !is_macaddr($mac)) {
$input_errors[] = gettext("A valid MAC address must be specified.");
}
if (!$if) {
$input_errors[] = gettext("A valid interface must be specified.");
}
if (!$input_errors) {
/* determine broadcast address */
$ipaddr = get_interface_ip($if);
if (!is_ipaddr($ipaddr)) {
$input_errors[] = gettext("A valid ip could not be found!");
} else {
$bcip = gen_subnet_max($ipaddr, get_interface_subnet($if));
/* Execute wol command and check return code. */
if (!mwexec("/usr/local/bin/wol -i {$bcip} " . escapeshellarg($mac))) {
$savemsg .= sprintf(gettext("Sent magic packet to %s."), $mac);
} else {
$savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'), '<a href="/diag_logs.php">', '</a>', $mac, ".<br />");
}
}
}
}
if ($_GET['act'] == "del") {
if ($a_wol[$_GET['id']]) {
unset($a_wol[$_GET['id']]);
write_config();
header("Location: services_wol.php");
exit;
$reqdfieldsn = array(gettext("Name"), gettext("Interface"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (!isset($pconfig['name'])) {
$input_errors[] = gettext("A valid gateway name must be specified.");
}
if (!is_validaliasname($pconfig['name'])) {
$input_errors[] = gettext("The gateway name must not contain invalid characters.");
}
/* skip system gateways which have been automatically added */
if (!empty($pconfig['gateway']) && !is_ipaddr($pconfig['gateway']) && $pconfig['attribute'] !== "system" && $pconfig['gateway'] != "dynamic") {
$input_errors[] = gettext("A valid gateway IP address must be specified.");
}
if (!empty($pconfig['gateway']) && is_ipaddr($pconfig['gateway']) && !isset($_REQUEST['isAjax'])) {
if (is_ipaddrv4($pconfig['gateway'])) {
$parent_ip = get_interface_ip($pconfig['interface']);
$parent_sn = get_interface_subnet($pconfig['interface']);
if (empty($parent_ip) || empty($parent_sn)) {
$input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.");
} else {
$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
$vips = link_interface_to_vips($_POST['interface']);
if (is_array($vips)) {
foreach ($vips as $vip) {
if (!is_ipaddrv4($vip['subnet'])) {
continue;
}
$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
}
}
$found = false;
foreach ($subnets as $subnet) {
/**
* delete virtual ip
*/
function deleteVIPEntry($id)
{
global $config;
$input_errors = array();
$a_vip =& $config['virtualip']['vip'];
/* make sure no inbound NAT mappings reference this entry */
if (isset($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if (!empty($rule['destination']['address'])) {
if ($rule['destination']['address'] == $a_vip[$id]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (is_ipaddrv6($a_vip[$id]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$id]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$id]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$id]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$id]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$id]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (isset($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$id]['interface'] != $gateway['interface']) {
continue;
}
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
continue;
}
if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
continue;
}
if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
continue;
}
if (ip_in_subnet($gateway['gateway'], $subnet)) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
break;
}
}
}
if ($a_vip[$id]['mode'] == "ipalias") {
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits'];
$found_if = false;
$found_carp = false;
$found_other_alias = false;
if ($subnet == $if_subnet) {
$found_if = true;
}
$vipiface = $a_vip[$id]['interface'];
foreach ($a_vip as $vip_id => $vip) {
if ($vip_id != $id) {
if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet)) {
if ($vip['mode'] == "carp") {
$found_carp = true;
} else {
if ($vip['mode'] == "ipalias") {
$found_other_alias = true;
}
}
}
}
}
if ($found_carp === true && $found_other_alias === false && $found_if === false) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}.";
}
}
if (count($input_errors) == 0) {
// Special case since every proxyarp vip is handled by the same daemon.
if ($a_vip[$id]['mode'] == "proxyarp") {
$viface = $a_vip[$id]['interface'];
unset($a_vip[$id]);
interface_proxyarp_configure($viface);
} else {
interface_vip_bring_down($a_vip[$id]);
unset($a_vip[$id]);
}
if (count($config['virtualip']['vip']) == 0) {
unset($config['virtualip']['vip']);
}
}
return $input_errors;
}
#!/usr/local/bin/php
<?php
$options = getopt("i:");
require_once "config.inc";
require_once "gwlb.inc";
require_once "interfaces.inc";
$interface_name = $options[i];
$realif = get_real_interface($interface_name);
$ipaddr = get_interface_ip($interface_name);
$subnet = get_interface_subnet($interface_name);
printf("%s/%s", $ipaddr, $subnet);
}
if ($_POST['custom_subnet_mask'] && is_validmask_v4($_POST['custom_subnet_mask']) != 1) {
$input_errors[] = gettext("A valid custom subnet maks must be specified.");
}
if ($_POST['range_to'] && !is_ipaddrv4($_POST['range_to'])) {
$input_errors[] = gettext("A valid range must be specified.");
}
if ($_POST['gateway'] && $_POST['gateway'] != "none" && !is_ipaddrv4($_POST['gateway'])) {
$input_errors[] = gettext("A valid IP address must be specified for the gateway.");
}
if ($_POST['wins1'] && !is_ipaddrv4($_POST['wins1']) || $_POST['wins2'] && !is_ipaddrv4($_POST['wins2'])) {
$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary WINS servers.");
}
$parent_ip = is_ipaddrv4($_POST['custom_subnet']) ? $_POST['custom_subnet'] : get_interface_ip($_POST['if']);
if (is_ipaddrv4($parent_ip) && $_POST['gateway'] && $_POST['gateway'] != "none") {
$parent_sn = is_validmask_v4($_POST['custom_subnet_mask']) ? mask2cidr_v4($_POST['custom_subnet_mask']) : get_interface_subnet($_POST['if']);
if (!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) {
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']);
}
}
for ($dns = 1; $dns <= 4; $dns++) {
if ($_POST["dns{$dns}"] && !is_ipaddrv4($_POST["dns{$dns}"])) {
$input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers.");
}
}
if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || $_POST['deftime'] < 60)) {
$input_errors[] = gettext("The default lease time must be at least 60 seconds.");
}
if (isset($config['captiveportal']) && is_array($config['captiveportal'])) {
$deftime = 7200;
// Default value if it's empty
// if there are already AON rules configured, don't generate default ones
if (!empty($a_out)) {
continue;
}
/*
* user has enabled advanced outbound NAT and doesn't have rules
* lets automatically create entries
* for all of the interfaces to make life easier on the pip-o-chap
*/
$ifdescrs = get_configured_interface_with_descr();
foreach ($ifdescrs as $if => $ifdesc) {
if (interface_has_gateway($if)) {
continue;
}
$osipaddr = get_interface_ip($if);
$ossubnet = get_interface_subnet($if);
if (!is_ipaddr($osipaddr) || empty($ossubnet)) {
continue;
}
$osn = gen_subnet($osipaddr, $ossubnet);
foreach ($ifdescrs as $if2 => $ifdesc2) {
if (!interface_has_gateway($if2)) {
continue;
}
$natent = array();
$natent['source']['network'] = "{$osn}/{$ossubnet}";
$natent['dstport'] = "500";
$natent['descr'] = sprintf(gettext('Auto created rule for ISAKMP - %1$s to %2$s'), $ifdesc, $ifdesc2);
$natent['target'] = "";
$natent['interface'] = $if2;
$natent['destination']['any'] = true;
