Example #1
/**
 * Remove the kernel routes that belong to one configured static route.
 *
 * The route's 'network' entry is either a single destination or an alias.
 * An alias is expanded with filter_expand_alias_array(); bare IPv4/IPv6
 * members get a host mask appended, and members that are still not a
 * subnet afterwards are skipped.
 *
 * @param mixed $id Index into the global $a_routes array. Unknown ids are ignored.
 * @return void
 */
function delete_static_route($id)
{
    global $config, $a_routes, $changedesc_prefix;

    if (!isset($a_routes[$id])) {
        return;
    }

    $network = $a_routes[$id]['network'];

    if (is_alias($network)) {
        $destinations = array();
        foreach (filter_expand_alias_array($network) as $member) {
            // Turn a bare host address into a single-host subnet.
            if (is_ipaddrv4($member)) {
                $member .= "/32";
            } elseif (is_ipaddrv6($member)) {
                $member .= "/128";
            }
            if (is_subnet($member)) {
                $destinations[] = $member;
            }
        }
    } else {
        $destinations = array($network);
    }

    foreach ($destinations as $destination) {
        $family = is_subnetv6($destination) ? "-inet6" : "-inet";
        // The destination comes from configuration/alias data, so it is quoted
        // with escapeshellarg() before it becomes part of the command string.
        mwexec("/sbin/route delete {$family} " . escapeshellarg($destination));
    }
}
Example #2
/**
 * Find the configured interface that owns an address or sits in a subnet.
 *
 * @param string   $ip   IPv4 or IPv6 address to look for.
 * @param int|null $bits When null, an interface matches if its address equals
 *                       $ip; otherwise it matches if its address lies inside
 *                       "$ip/$bits" according to ip_in_subnet().
 * @return mixed The result of get_real_interface() for the first match, or
 *               false when $ip is not an IP address or nothing matches.
 */
function find_ip_interface($ip, $bits = null)
{
    if (!is_ipaddr($ip)) {
        return false;
    }

    // Compare against the interface address of the same family as $ip.
    $want_v6 = is_ipaddrv6($ip);

    foreach (get_configured_interface_list() as $ifname) {
        $ifip = $want_v6 ? get_interface_ipv6($ifname) : get_interface_ip($ifname);
        if (is_null($ifip)) {
            continue;
        }

        $matched = is_null($bits)
            ? $ip == $ifip
            : ip_in_subnet($ifip, $ip . "/" . $bits);

        if ($matched) {
            return get_real_interface($ifname);
        }
    }

    return false;
}
Example #3
/**
 * Build the option list of IPv6 gateways for the current interface.
 *
 * Reads the globals $a_gateways and $if. A gateway is listed when its
 * 'interface' equals $if and its 'gateway' value is an IPv6 address.
 *
 * @return array Map of gateway name => "name - address", always starting
 *               with the entry "none" => "None".
 */
function build_gatewayv6_list()
{
    global $a_gateways, $if;

    $choices = array("none" => "None");

    foreach ($a_gateways as $gw) {
        if ($gw['interface'] != $if) {
            continue;
        }
        if (!is_ipaddrv6($gw['gateway'])) {
            continue;
        }
        $choices[$gw['name']] = "{$gw['name']} - {$gw['gateway']}";
    }

    return $choices;
}
            break;
        }
    }
}
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;
    /* input validation */
    if ($_POST['enable']) {
        $reqdfields = explode(" ", "server interface");
        $reqdfieldsn = array(gettext("Destination Server"), gettext("Interface"));
        do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
        $svrlist = '';
        if ($_POST['server']) {
            foreach ($_POST['server'] as $checksrv => $srv) {
                if (!is_ipaddrv6($srv[0])) {
                    $input_errors[] = gettext("A valid Destination Server IPv6 address must be specified.");
                }
                if (!empty($srv[0])) {
                    // Filter out any empties
                    if (!empty($svrlist)) {
                        $svrlist .= ',';
                    }
                    $svrlist .= $srv[0];
                }
            }
        }
    }
    if (!$input_errors) {
        $config['dhcrelay6']['enable'] = $_POST['enable'] ? true : false;
        $config['dhcrelay6']['interface'] = implode(",", $_POST['interface']);
Example #5
$section->addInput(new Form_Input('domain', 'Domain', 'text', $pconfig['domain'], ['placeholder' => 'mycorp.com, home, office, private, etc.']))->setHelp('Do not use \'local\' as a domain name. It will cause local ' . 'hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve ' . 'local hosts not running mDNS.');
$form->add($section);
$section = new Form_Section('DNS Server Settings');
for ($i = 1; $i < 5; $i++) {
    //	if (!isset($pconfig['dns'.$i]))
    //		continue;
    $group = new Form_Group('DNS Server ' . $i);
    $group->add(new Form_Input('dns' . $i, 'DNS Server', 'text', $pconfig['dns' . $i]))->setHelp($i == 4 ? 'Address' : null);
    $help = "Enter IP addresses to be used by the system for DNS resolution. " . "These are also used for the DHCP service, DNS forwarder and for PPTP VPN clients.";
    if ($multiwan) {
        $options = array('none' => 'none');
        foreach ($arr_gateways as $gwname => $gwitem) {
            if (is_ipaddrv4(lookup_gateway_ip_by_name($pconfig[$dnsgw])) && is_ipaddrv6($gwitem['gateway'])) {
                continue;
            }
            if (is_ipaddrv6(lookup_gateway_ip_by_name($pconfig[$dnsgw])) && is_ipaddrv4($gwitem['gateway'])) {
                continue;
            }
            $options[$gwname] = $gwname . ' - ' . $gwitem['friendlyiface'] . ' - ' . $gwitem['gateway'];
        }
        $group->add(new Form_Select('dns' . $i . 'gw', 'Gateway', $pconfig['dns' . $i . 'gw'], $options))->setHelp($i == 4 ? 'Gateway' : null);
        $help .= '<br/>' . "In addition, optionally select the gateway for each DNS server. " . "When using multiple WAN connections there should be at least one unique DNS server per gateway.";
    }
    if ($i == 4) {
        $group->setHelp($help);
    }
    $section->add($group);
}
$section->addInput(new Form_Checkbox('dnsallowoverride', 'DNS Server Override', 'Allow DNS server list to be overridden by DHCP/PPP on WAN', $pconfig['dnsallowoverride']))->setHelp(sprintf(gettext('If this option is set, %s will use DNS servers ' . 'assigned by a DHCP/PPP server on WAN for its own purposes (including ' . 'the DNS forwarder). However, they will not be assigned to DHCP and PPTP ' . 'VPN clients.'), $g['product_name']));
$section->addInput(new Form_Checkbox('dnslocalhost', 'Disable DNS Forwarder', 'Do not use the DNS Forwarder as a DNS server for the firewall', $pconfig['dnslocalhost']))->setHelp('By default localhost (127.0.0.1) will be used as the first DNS ' . 'server where the DNS Forwarder or DNS Resolver is enabled and set to ' . 'listen on Localhost, so system can use the local DNS service to perform ' . 'lookups. Checking this box omits localhost from the list of DNS servers.');
$form->add($section);
Example #6
 } else {
     $tls_mode = false;
 }
 if (!empty($pconfig['autokey_enable'])) {
     $pconfig['shared_key'] = openvpn_create_key();
 }
 // all input validators
 if (strpos($pconfig['interface'], '|') !== false) {
     list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']);
 } else {
     $iv_iface = $pconfig['interface'];
     $iv_ip = null;
 }
 if (is_ipaddrv4($iv_ip) && stristr($pconfig['protocol'], "6") !== false) {
     $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
 } elseif (is_ipaddrv6($iv_ip) && stristr($pconfig['protocol'], "6") === false) {
     $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
 } elseif (stristr($pconfig['protocol'], "6") === false && !get_interface_ip($iv_iface) && $pconfig['interface'] != "any") {
     $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
 } elseif (stristr($pconfig['protocol'], "6") !== false && !get_interface_ipv6($iv_iface) && $pconfig['interface'] != "any") {
     $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
 }
 if (empty($pconfig['authmode']) && ($pconfig['mode'] == "server_user" || $pconfig['mode'] == "server_tls_user")) {
     $input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
 }
 if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
     $input_errors[] = $result;
 }
 if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
     $input_errors[] = $result;
 }
     if ($_POST['interface'] == 'lo0') {
         $input_errors[] = gettext("For this type of vip localhost is not allowed.");
     } else {
         if (strpos($_POST['interface'], '_vip')) {
             $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
         }
     }
     break;
 case 'ipalias':
     if (strstr($_POST['interface'], "_vip")) {
         if (is_ipaddrv4($_POST['subnet'])) {
             $parent_ip = get_interface_ip($_POST['interface']);
             $parent_sn = get_interface_subnet($_POST['interface']);
             $subnet = gen_subnet($parent_ip, $parent_sn);
         } else {
             if (is_ipaddrv6($_POST['subnet'])) {
                 $parent_ip = get_interface_ipv6($_POST['interface']);
                 $parent_sn = get_interface_subnetv6($_POST['interface']);
                 $subnet = gen_subnetv6($parent_ip, $parent_sn);
             }
         }
         if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
             $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'];
             $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s.  Please add an IP alias in this subnet on this interface."), $cannot_find);
         }
         unset($parent_ip, $parent_sn, $subnet);
     }
     break;
 default:
     if ($_POST['interface'] == 'lo0') {
         $input_errors[] = gettext("For this type of vip localhost is not allowed.");
if (isset($cpzone) && !empty($cpzone) && isset($a_cp[$cpzone]['zoneid'])) {
    $cpzoneid = $a_cp[$cpzone]['zoneid'];
}
$pgtitle = array(gettext("Services"), gettext("Captive Portal"), "Zone " . $a_cp[$cpzone]['zone'], gettext("Allowed Hostnames"));
$shortcut_section = "captiveportal";
if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) {
    $a_allowedhostnames =& $a_cp[$cpzone]['allowedhostname'];
    if ($a_allowedhostnames[$_GET['id']]) {
        $ipent = $a_allowedhostnames[$_GET['id']];
        if (isset($a_cp[$cpzone]['enable'])) {
            if (is_ipaddr($ipent['hostname'])) {
                $ip = $ipent['hostname'];
            } else {
                $ip = gethostbyname($ipent['hostname']);
            }
            $sn = is_ipaddrv6($ip) ? 128 : 32;
            if (is_ipaddr($ip)) {
                $ipfw = pfSense_ipfw_getTablestats($cpzoneid, IP_FW_TABLE_XLISTENTRY, 3, $ip);
                if (is_array($ipfw)) {
                    captiveportal_free_dn_ruleno($ipfw['dnpipe']);
                    pfSense_pipe_action("pipe delete {$ipfw['dnpipe']}");
                    pfSense_pipe_action("pipe delete " . ($ipfw['dnpipe'] + 1));
                }
                pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XDEL, 3, $ip, $sn);
                pfSense_ipfw_Tableaction($cpzoneid, IP_FW_TABLE_XDEL, 4, $ip, $sn);
            }
        }
        unset($a_allowedhostnames[$_GET['id']]);
        write_config();
        captiveportal_allowedhostname_configure();
        header("Location: services_captiveportal_hostname.php?zone={$cpzone}");
     $reqdfieldsn[] = gettext("Remote gateway");
 }
 do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
 if (isset($validate_pskey) && isset($pconfig['pskey']) && !preg_match('/^[[:ascii:]]*$/', $pconfig['pskey'])) {
     unset($validate_pskey);
     $input_errors[] = gettext("Pre-Shared Key contains invalid characters.");
 }
 if ($pconfig['lifetime'] && !is_numericint($pconfig['lifetime'])) {
     $input_errors[] = gettext("The P1 lifetime must be an integer.");
 }
 if ($pconfig['remotegw']) {
     if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) {
         $input_errors[] = gettext("A valid remote gateway address or host name must be specified.");
     } elseif (is_ipaddrv4($pconfig['remotegw']) && $pconfig['protocol'] != "inet") {
         $input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or protocol needs to be changed to IPv6");
     } elseif (is_ipaddrv6($pconfig['remotegw']) && $pconfig['protocol'] != "inet6") {
         $input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or protocol needs to be changed to IPv4");
     }
 }
 if ($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled'])) {
     $t = 0;
     foreach ($a_phase1 as $ph1tmp) {
         if ($p1index != $t) {
             $tremotegw = $pconfig['remotegw'];
             if ($ph1tmp['remote-gateway'] == $tremotegw && !isset($ph1tmp['disabled'])) {
                 $input_errors[] = sprintf(gettext('The remote gateway "%1$s" is already used by phase1 "%2$s".'), $tremotegw, $ph1tmp['descr']);
             }
         }
         $t++;
     }
 }
Example #10
                 break;
         }
     }
     switch ($pconfig['remoteid_type']) {
         case "network":
             if ($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits'] || !is_numeric($pconfig['remoteid_netbits'])) {
                 $input_errors[] = gettext("A valid remote network bit count must be specified.");
             }
             // address rules also apply to network type (hence, no break)
         // address rules also apply to network type (hence, no break)
         case "address":
             if (!$pconfig['remoteid_address'] || !is_ipaddr($pconfig['remoteid_address'])) {
                 $input_errors[] = gettext("A valid remote network IP address must be specified.");
             } elseif (is_ipaddrv4($pconfig['remoteid_address']) && $pconfig['mode'] != "tunnel") {
                 $input_errors[] = gettext("A valid remote network IPv4 address must be specified or you need to change Mode to IPv6");
             } elseif (is_ipaddrv6($pconfig['remoteid_address']) && $pconfig['mode'] != "tunnel6") {
                 $input_errors[] = gettext("A valid remote network IPv6 address must be specified or you need to change Mode to IPv4");
             }
             break;
     }
 }
 /* Validate enabled phase2's are not duplicates */
 if (isset($pconfig['mobile'])) {
     /* User is adding phase 2 for mobile phase1 */
     foreach ($config['ipsec']['phase2'] as $key => $name) {
         if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
             /* check duplicate localids only for mobile clents */
             $localid_data = ipsec_idinfo_to_cidr($name['localid'], false, $name['mode']);
             $entered = array();
             $entered['type'] = $pconfig['localid_type'];
             if (isset($pconfig['localid_address'])) {
 if (!is_ipaddr($_POST['tunnel-local-addr']) || !is_ipaddr($_POST['tunnel-remote-addr']) || !is_ipaddr($_POST['remote-addr'])) {
     $input_errors[] = gettext("The tunnel local and tunnel remote fields must have valid IP addresses.");
 }
 if (!is_numericint($_POST['tunnel-remote-net'])) {
     $input_errors[] = gettext("The GRE tunnel subnet must be an integer.");
 }
 if (is_ipaddrv4($_POST['tunnel-local-addr'])) {
     if (!is_ipaddrv4($_POST['tunnel-remote-addr'])) {
         $input_errors[] = gettext("The GRE Tunnel remote address must be IPv4 where tunnel local address is IPv4.");
     }
     if ($_POST['tunnel-remote-net'] > 32 || $_POST['tunnel-remote-net'] < 1) {
         $input_errors[] = gettext("The GRE tunnel subnet must be an integer between 1 and 32.");
     }
 }
 if (is_ipaddrv6($_POST['tunnel-local-addr'])) {
     if (!is_ipaddrv6($_POST['tunnel-remote-addr'])) {
         $input_errors[] = gettext("The GRE Tunnel remote address must be IPv6 where tunnel local address is IPv6.");
     }
     if ($_POST['tunnel-remote-net'] > 128 || $_POST['tunnel-remote-net'] < 1) {
         $input_errors[] = gettext("The GRE tunnel subnet must be an integer between 1 and 128.");
     }
 }
 foreach ($a_gres as $gre) {
     if (isset($id) && $a_gres[$id] && $a_gres[$id] === $gre) {
         continue;
     }
     if ($gre['if'] == $_POST['if'] && $gre['tunnel-remote-addr'] == $_POST['tunnel-remote-addr']) {
         $input_errors[] = sprintf(gettext("A GRE tunnel with the network %s is already defined."), $gre['remote-network']);
         break;
     }
 }
    }
}
if ($_POST) {
    unset($input_errors);
    if ($_POST['server']) {
        $_POST['server'] = filterDestinationServers($_POST['server']);
    }
    $pconfig = $_POST;
    /* input validation */
    if ($_POST['enable']) {
        $reqdfields = explode(" ", "server interface");
        $reqdfieldsn = array(gettext("Destination Server"), gettext("Interface"));
        do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
        if ($_POST['server']) {
            foreach ($_POST['server'] as $srv) {
                if (!is_ipaddrv6($srv)) {
                    $input_errors[] = gettext("A valid Destination Server IPv6 address  must be specified.");
                }
            }
        }
    }
    if (!$input_errors) {
        $config['dhcrelay6']['enable'] = $_POST['enable'] ? true : false;
        $config['dhcrelay6']['interface'] = implode(",", $_POST['interface']);
        $config['dhcrelay6']['agentoption'] = $_POST['agentoption'] ? true : false;
        $config['dhcrelay6']['server'] = $_POST['server'];
        write_config();
        $retval = 0;
        $retval = services_dhcrelay6_configure();
        $savemsg = get_std_save_message($retval);
    }
Example #13
							                          <strong><?php 
    printf(gettext("Enable DHCPv6 relay on interface"));
    ?>
</strong>
										</td>
									</tr>
									<tr>
                                      <td width="22%" valign="top" class="vncellreq"><?php 
    echo gettext('Interface(s)');
    ?>
</td>
							                        <td width="78%" class="vtable">
											<select id="interface" name="interface[]" multiple="multiple" class="formselect" size="3">
										<?php 
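    // Emit one <option> per interface that currently has an IPv6 address.
    foreach ($iflist as $ifent => $ifdesc) {
        if (!is_ipaddrv6(get_interface_ipv6($ifent))) {
            continue;
        }
        // Encode both values for the HTML context they are written into, so
        // that an interface key or description containing quotes or markup
        // cannot break out of the attribute or the element body.
        // NOTE(review): assumes $iflist holds raw (not already HTML-encoded)
        // descriptions; confirm against the code that fills it.
        echo "<option value=\"" . htmlspecialchars($ifent, ENT_QUOTES) . "\"";
        // Pre-select the interfaces already present in the submitted/stored list.
        if (!empty($pconfig['interface']) && in_array($ifent, $pconfig['interface'])) {
            echo " selected=\"selected\"";
        }
        echo ">" . htmlspecialchars($ifdesc, ENT_QUOTES) . "</option>\n";
    }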
    ?>
							                                </select>
											<br /><?php 
    echo gettext("Interfaces without an IPv6 address will not be shown.");
    ?>
										</td>
									</tr>
    echo $selected_key == "address" ? "selected=\"selected\"" : "";
    ?>
 >
                                <?php 
    echo gettext("Interface Address");
    ?>
                              </option>
<?php 
    foreach (get_configured_carp_interface_list() as $vip => $address) {
        if (!preg_match("/^{$gateway['friendlyiface']}_/i", $vip)) {
            continue;
        }
        if ($gateway['ipprotocol'] == "inet" && !is_ipaddrv4($address)) {
            continue;
        }
        if ($gateway['ipprotocol'] == "inet6" && !is_ipaddrv6($address)) {
            continue;
        }
        ?>
                                  <option value="<?php 
        echo $vip;
        ?>
" <?php 
        echo $selected_key == $vip ? "selected=\"selected\"" : "";
        ?>
 >
                                    <?php 
        echo $vip;
        ?>
 - <?php 
        echo $address;
 }
 if (isset($_POST['data_payload']) && is_numeric($_POST['data_payload']) && $_POST['data_payload'] < 0) {
     $input_errors[] = gettext("A valid data payload must be specified.");
 }
 /* only allow correct IPv4 and IPv6 gateway addresses */
 if ($_POST['gateway'] != "" && is_ipaddr($_POST['gateway']) && $_POST['gateway'] != "dynamic") {
     if (is_ipaddrv6($_POST['gateway']) && $_POST['ipprotocol'] == "inet") {
         $input_errors[] = sprintf(gettext("The IPv6 gateway address '%s' can not be used as a IPv4 gateway."), $_POST['gateway']);
     }
     if (is_ipaddrv4($_POST['gateway']) && $_POST['ipprotocol'] == "inet6") {
         $input_errors[] = sprintf(gettext("The IPv4 gateway address '%s' can not be used as a IPv6 gateway."), $_POST['gateway']);
     }
 }
 /* only allow correct IPv4 and IPv6 monitor addresses */
 if ($_POST['monitor'] != "" && is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") {
     if (is_ipaddrv6($_POST['monitor']) && $_POST['ipprotocol'] == "inet") {
         $input_errors[] = sprintf(gettext("The IPv6 monitor address '%s' can not be used on a IPv4 gateway."), $_POST['monitor']);
     }
     if (is_ipaddrv4($_POST['monitor']) && $_POST['ipprotocol'] == "inet6") {
         $input_errors[] = sprintf(gettext("The IPv4 monitor address '%s' can not be used on a IPv6 gateway."), $_POST['monitor']);
     }
 }
 if (isset($_POST['name'])) {
     /* check for overlaps */
     foreach ($a_gateways as $gateway) {
         if (isset($id) && $a_gateways[$id] && $a_gateways[$id] === $gateway) {
             if ($gateway['name'] != $_POST['name']) {
                 $input_errors[] = gettext("Changing name on a gateway is not allowed.");
             }
             continue;
         }
require_once "auth.inc";
include 'head.inc';
// Collect the organisational units offered by the LDAP server described in
// the query string. $ous stays empty when basedn/host are missing or the
// connection attempt does not succeed.
$ous = array();
if (isset($_GET['basedn']) && isset($_GET['host'])) {
    if (isset($_GET['cert'])) {
        // The CA reference is taken from the request as-is and handed to
        // ldap_setup_caenv().
        $authcfg = array();
        $authcfg['ldap_caref'] = $_GET['cert'];
        ldap_setup_caenv($authcfg);
    }
    // Semicolon-separated list from the request; not used again in the lines
    // visible here.
    $ldap_authcn = isset($_GET['authcn']) ? explode(";", $_GET['authcn']) : array();
    // Plain ldap:// only when urltype contains "Standard"; every other value,
    // including a missing one, selects ldaps://.
    if (isset($_GET['urltype']) && strstr($_GET['urltype'], "Standard")) {
        $ldap_full_url = "ldap://";
    } else {
        $ldap_full_url = "ldaps://";
    }
    // IPv6 literals need brackets inside a URL.
    // NOTE(review): host and port are concatenated into the URL without any
    // format check, so the server connects to whatever the request names.
    // Presumably this page is reachable only by authenticated administrators;
    // verify, and consider rejecting anything that is not a hostname/IP and a
    // numeric port.
    $ldap_full_url .= is_ipaddrv6($_GET['host']) ? "[{$_GET['host']}]" : $_GET['host'];
    if (!empty($_GET['port'])) {
        $ldap_full_url .= ":{$_GET['port']}";
    }
    // Second constructor argument comes from 'proto' and is 3 when absent.
    $ldap_auth = new OPNsense\Auth\LDAP($_GET['basedn'], isset($_GET['proto']) ? $_GET['proto'] : 3);
    // NOTE(review): the bind DN and bind password arrive in the query string
    // (bindpw), which means they can end up in web-server access logs,
    // browser history and Referer headers. Moving them to a POST body would
    // need a matching change in whatever opens this page.
    $ldap_is_connected = $ldap_auth->connect($ldap_full_url, !empty($_GET['binddn']) ? $_GET['binddn'] : null, !empty($_GET['bindpw']) ? $_GET['bindpw'] : null);
    if ($ldap_is_connected) {
        $ous = $ldap_auth->listOUs();
    }
}
?>

 <body>
	<script type="text/javascript">
function post_choices() {
 for ($x = 0; $x < 50; $x++) {
     if (isset($pconfig["acl_network{$x}"])) {
         $networkacl[$x] = array();
         $networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"];
         $networkacl[$x]['mask'] = $pconfig["mask{$x}"];
         $networkacl[$x]['description'] = $pconfig["description{$x}"];
         if (!is_ipaddr($networkacl[$x]['acl_network'])) {
             $input_errors[] = gettext("You must enter a valid IP address for each row under Networks.");
         }
         if (is_ipaddr($networkacl[$x]['acl_network'])) {
             if (!is_subnet($networkacl[$x]['acl_network'] . "/" . $networkacl[$x]['mask'])) {
                 $input_errors[] = gettext("You must enter a valid IPv4 netmask for each IPv4 row under Networks.");
             }
         } else {
             if (function_exists("is_ipaddrv6")) {
                 if (!is_ipaddrv6($networkacl[$x]['acl_network'])) {
                     $input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}.");
                 } else {
                     if (!is_subnetv6($networkacl[$x]['acl_network'] . "/" . $networkacl[$x]['mask'])) {
                         $input_errors[] = gettext("You must enter a valid IPv6 netmask for each IPv6 row under Networks.");
                     }
                 }
             } else {
                 $input_errors[] = gettext("You must enter a valid IP address for each row under Networks.");
             }
         }
     } else {
         if (isset($networkacl[$x])) {
             unset($networkacl[$x]);
         }
     }
Example #18
require_once "guiconfig.inc";
define('MAX_COUNT', 10);
define('DEFAULT_COUNT', 3);
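// Handle a ping request. The form can be submitted by POST, or pre-filled
// and triggered through a 'host' request parameter.
if ($_POST || $_REQUEST['host']) {
    unset($input_errors);
    unset($do_ping);
    /* input validation */
    $reqdfields = explode(" ", "host count");
    $reqdfieldsn = array(gettext("Host"), gettext("Count"));
    do_input_validation($_REQUEST, $reqdfields, $reqdfieldsn, $input_errors);
    if ($_REQUEST['count'] < 1 || $_REQUEST['count'] > MAX_COUNT) {
        $input_errors[] = sprintf(gettext("Count must be between 1 and %s"), MAX_COUNT);
    }
    $host = trim($_REQUEST['host']);
    $ipproto = $_REQUEST['ipproto'];
    // The selected address family must not contradict a literal address.
    if ($ipproto == "ipv4" && is_ipaddrv6($host)) {
        $input_errors[] = gettext("When using IPv4, the target host must be an IPv4 address or hostname.");
    }
    if ($ipproto == "ipv6" && is_ipaddrv4($host)) {
        $input_errors[] = gettext("When using IPv6, the target host must be an IPv6 address or hostname.");
    }
    if (!$input_errors) {
        $do_ping = true;
        // NOTE(review): $host and $sourceip are kept as submitted; the checks
        // above only require a host and compare its address family. Confirm
        // that the code building the ping command quotes both values
        // (for example with escapeshellarg()).
        $sourceip = $_REQUEST['sourceip'];
        // Use the same superglobal that was range-checked above. Reading
        // $_POST here left $count empty whenever the request came in through
        // the query string, so the value used was not the value validated.
        $count = $_REQUEST['count'];
        // The numeric comparison above accepts strings such as "3abc";
        // anything that is not purely digits falls back to the default.
        if (preg_match('/[^0-9]/', $count)) {
            $count = DEFAULT_COUNT;
        }
    }
}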
if (!isset($do_ping)) {
Example #19
    return $resolved;
}
if (isset($_POST['create_alias']) && (is_hostname($host) || is_ipaddr($host))) {
    $resolved = gethostbyname($host);
    $type = "hostname";
    if ($resolved) {
        $resolved = resolve_host_addresses($host);
        $isfirst = true;
        foreach ($resolved as $re) {
            if ($re['data'] != "") {
                if (!$isfirst) {
                    $addresses .= " ";
                }
                $re = rtrim($re['data']);
                if (is_ipaddr($re)) {
                    $sn = is_ipaddrv6($re) ? '/128' : '/32';
                } else {
                    // The name was a CNAME and resolved to another name, rather than an address.
                    // In this case the alias entry will have a FQDN, so do not put a CIDR after it.
                    $sn = "";
                }
                $addresses .= $re . $sn;
                $isfirst = false;
            }
        }
        $newalias = array();
        $newalias['name'] = $aliasname;
        $newalias['type'] = "network";
        $newalias['address'] = $addresses;
        $newalias['descr'] = gettext("Created from Diagnostics-> DNS Lookup");
        if ($alias_exists) {
}
display_top_tabs($tab_array);
$tab_array = array();
$tab_array[] = array(gettext("DHCPv6 Server"), false, "services_dhcpv6.php?if={$if}");
$tab_array[] = array(gettext("Router Advertisements"), true, "services_router_advertisements.php?if={$if}");
display_top_tabs($tab_array, false, 'nav nav-tabs');
$form = new Form(new Form_Button('Submit', gettext("Save")));
$section = new Form_Section('Advertisements');
$section->addInput(new Form_Select('ramode', 'Router mode', $pconfig['ramode'], $advertise_modes))->setHelp('Select the Operating Mode for the Router Advertisement (RA) Daemon. Use:' . '<br />' . '&nbsp;<strong>Router Only</strong> to only advertise this router' . '<br />' . '&nbsp;<strong>Unmanaged</strong> for Router Advertising with Stateless Autoconfig' . '<br />' . '&nbsp;<strong>Managed</strong> for assignment through a DHCPv6 Server' . '<br />' . '&nbsp;<strong>Assisted</strong> for DHCPv6 Server assignment combined with Stateless Autoconfig.' . 'It is not required to activate this DHCPv6 server when set to "Managed", this can be another host on the network');
$section->addInput(new Form_Select('rapriority', 'Router priority', $pconfig['rapriority'], $priority_modes))->setHelp('Select the Priority for the Router Advertisement (RA) Daemon.');
$section->addInput(new Form_Input('ravalidlifetime', 'Default valid lifetime', 'text', $pconfig['ravalidlifetime']))->setHelp('Seconds. The length of time in seconds (relative to the time the packet is sent) that the prefix is valid for the purpose of on-link determination.' . ' <br />' . 'The default is 86400 seconds.');
$section->addInput(new Form_Input('rapreferredlifetime', 'Default preferred lifetime', 'text', $pconfig['rapreferredlifetime']))->setHelp('Seconds. The length of time in seconds (relative to the time the packet is sent) that addresses generated from the prefix via stateless address autoconfiguration remain preferred.' . ' <br />' . 'The default is 14400 seconds.');
$carplistif = array();
if (count($carplist) > 0) {
    foreach ($carplist as $ifname => $vip) {
        if (preg_match("/^{$if}_/", $ifname) && is_ipaddrv6($vip)) {
            $carplistif[$ifname] = $vip;
        }
    }
}
if (count($carplistif) > 0) {
    $list = array();
    foreach ($carplistif as $ifname => $vip) {
        $list['interface'] = strtoupper($if);
        $list[$ifname] = $ifname . ' - ' . $vip;
    }
    $section->addInput(new Form_Select('rainterface', 'RA Interface', $pconfig['rainterface'], $list))->setHelp('Select the Interface for the Router Advertisement (RA) Daemon.');
}
$section->addInput(new Form_StaticText('RA Subnets', $subnets_help));
if (empty($pconfig['subnets'])) {
    $pconfig['subnets'] = array('0' => '/128');
$pgtitle[] = gettext("Router Advertisements");
include "head.inc";
if ($input_errors) {
    print_input_errors($input_errors);
}
if ($savemsg) {
    print_info_box($savemsg, 'success');
}
/* active tabs */
$tab_array = array();
$tabscounter = 0;
$i = 0;
foreach ($iflist as $ifent => $ifname) {
    $oc = $config['interfaces'][$ifent];
    // We need interfaces configured with a static IPv6 address or track6 for PD.
    if (!is_ipaddrv6($oc['ipaddrv6']) && $oc['ipaddrv6'] != "track6") {
        continue;
    }
    if ($ifent == $if) {
        $active = true;
    } else {
        $active = false;
    }
    $tab_array[] = array($ifname, $active, "services_router_advertisements.php?if={$ifent}");
    $tabscounter++;
}
if ($tabscounter == 0) {
    include "foot.inc";
    exit;
}
display_top_tabs($tab_array);
Example #22
        if ($_POST['disabled']) {
            $route['disabled'] = true;
        } else {
            unset($route['disabled']);
        }
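        // Load the list of route commands queued by earlier edits, if any.
        if (file_exists("{$g['tmp_path']}/.system_routes.apply")) {
            // NOTE(review): unserialize() runs on the contents of a file in
            // tmp_path. Anything able to write that file controls what gets
            // deserialized and which command strings end up in the list;
            // confirm the directory is writable by the web GUI user only, or
            // store the list in a format such as JSON.
            $toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.system_routes.apply"));
        } else {
            $toapplylist = array();
        }
        $a_routes[$id] = $route;
        if (!empty($oroute)) {
            // Destinations the old route had that the new one no longer has.
            $delete_targets = array_diff($old_targets, $new_targets);
            foreach ($delete_targets as $dts) {
                // Pick the family per target. Previously $family was assigned
                // only for IPv6 targets, so it was undefined for a leading
                // IPv4 target and stayed "-inet6" for any IPv4 target that
                // followed an IPv6 one.
                $family = is_ipaddrv6($dts) ? "-inet6" : "-inet";
                // NOTE(review): $dts is placed in the command string unquoted.
                // If the queued strings are later run through a shell, quote
                // the target with escapeshellarg() here; left unchanged
                // because the consumer of this list is not visible.
                $toapplylist[] = "/sbin/route delete {$family} {$dts}";
            }
        }
        file_put_contents("{$g['tmp_path']}/.system_routes.apply", serialize($toapplylist));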
        staticroutes_sort();
        mark_subsystem_dirty('staticroutes');
        write_config();
        header("Location: system_routes.php");
        exit;
    }
}
$pgtitle = array(gettext("System"), gettext("Static Routes"), gettext("Edit route"));
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
 if ($_POST['host'] && !is_hostname($_POST['host'])) {
     $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'.");
 }
 if ($_POST['domain'] && !is_domain($_POST['domain'])) {
     $input_errors[] = gettext("A valid domain must be specified.");
 }
 if ($_POST['ip'] && !is_ipaddr($_POST['ip'])) {
     $input_errors[] = gettext("A valid IP address must be specified.");
 }
 /* check for overlaps */
 foreach ($a_hosts as $hostent) {
     if (isset($id) && $a_hosts[$id] && $a_hosts[$id] === $hostent) {
         continue;
     }
     if ($hostent['host'] == $_POST['host'] && $hostent['domain'] == $_POST['domain'] && (is_ipaddrv4($hostent['ip']) && is_ipaddrv4($_POST['ip']) || is_ipaddrv6($hostent['ip']) && is_ipaddrv6($_POST['ip']))) {
         $input_errors[] = gettext("This host/domain already exists.");
         break;
     }
 }
 if (!$input_errors) {
     $hostent = array();
     $hostent['host'] = $_POST['host'];
     $hostent['domain'] = $_POST['domain'];
     $hostent['ip'] = $_POST['ip'];
     $hostent['descr'] = $_POST['descr'];
     if (isset($id) && $a_hosts[$id]) {
         $a_hosts[$id] = $hostent;
     } else {
         $a_hosts[] = $hostent;
     }
Example #24
    }
}
if ($_GET['act'] == "del") {
    if ($a_vip[$_GET['id']]) {
        /* make sure no inbound NAT mappings reference this entry */
        if (is_array($config['nat']['rule'])) {
            foreach ($config['nat']['rule'] as $rule) {
                if ($rule['destination']['address'] != "") {
                    if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) {
                        $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
                        break;
                    }
                }
            }
        }
        if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) {
            $is_ipv6 = true;
            $subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
            $if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']);
            $if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
        } else {
            $is_ipv6 = false;
            $subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
            $if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']);
            $if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
        }
        $subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits'];
        $if_subnet .= "/" . $if_subnet_bits;
        if (is_array($config['gateways']['gateway_item'])) {
            foreach ($config['gateways']['gateway_item'] as $gateway) {
                if ($a_vip[$_GET['id']]['interface'] != $gateway['interface']) {
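 $reqdfieldsn = array(gettext("DUID Identifier"));
 /* Call-time pass-by-reference (&$var at the call site) is a fatal error since
  * PHP 5.4, so the array is passed plainly; do_input_validation() is expected
  * to declare this parameter by reference itself. */
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 if ($_POST['hostname']) {
     preg_match("/\\-\$/", $_POST['hostname'], $matches);
     if ($matches) {
         $input_errors[] = gettext("The hostname cannot end with a hyphen according to RFC952");
     }
     if (!is_hostname($_POST['hostname'])) {
         $input_errors[] = gettext("The hostname can only contain the characters A-Z, 0-9 and '-'.");
     } else {
         /* strpos() returns 0 for a match at the first character, which is
          * falsy; compare against false so any dot is reported. */
         if (strpos($_POST['hostname'], '.') !== false) {
             $input_errors[] = gettext("A valid hostname is specified, but the domain name part should be omitted");
         }
     }
 }
 if ($_POST['ipaddrv6'] && !is_ipaddrv6($_POST['ipaddrv6'])) {
     $input_errors[] = gettext("A valid IPv6 address must be specified.");
 }
 /* NOTE(review): only emptiness is checked here; the DUID format itself is
  * not validated in this excerpt. */
 if (empty($_POST['duid'])) {
     $input_errors[] = gettext("A valid DUID Identifier must be specified.");
 }
 /* check for overlaps */
 foreach ($a_maps as $mapent) {
     /* Skip the mapping being edited so it does not collide with itself. */
     if (isset($id) && $a_maps[$id] && $a_maps[$id] === $mapent) {
         continue;
     }
     /* Duplicate = same non-empty hostname, or same DUID. The address is not
      * compared here although the message mentions it. */
     if (($mapent['hostname'] == $_POST['hostname'] && $mapent['hostname']) || $mapent['duid'] == $_POST['duid']) {
         $input_errors[] = gettext("This Hostname, IP or DUID Identifier already exists.");
         break;
     }
 }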
Example #26
									</tr>
									<tr>
										<td width="22%" valign="top" class="vncell"><?php 
echo gettext("IPv6 Upstream Gateway");
?>
</td>
										<td width="78%" class="vtable">
											<select name="gatewayv6" class="formselect" id="gatewayv6">
												<option value="none" selected="selected"><?php 
echo gettext("None");
?>
</option>
												<?php 
if (count($a_gateways) > 0) {
    foreach ($a_gateways as $gateway) {
        if ($gateway['interface'] == $if && is_ipaddrv6($gateway['gateway'])) {
            ?>
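														<option value="<?php 
            // Escape for the attribute context, the same way the visible label
            // below is escaped, so the name cannot break out of value="...".
            echo htmlspecialchars($gateway['name']);
            ?>
" <?php 
            // Pre-select the gateway currently stored for this interface.
            if ($gateway['name'] == $pconfig['gatewayv6']) {
                echo "selected=\"selected\"";
            }
            ?>
>
															<?php 
            echo htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']);
            ?>
														</option>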
												<?php 
Example #27
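if ($_POST || $_REQUEST['host']) {
	unset($input_errors);
	unset($do_traceroute);

	/* input validation */
	$reqdfields = explode(" ", "host ttl");
	$reqdfieldsn = array(gettext("Host"),gettext("ttl"));
	do_input_validation($_REQUEST, $reqdfields, $reqdfieldsn, $input_errors);

	/* Require ttl to be a whole number within 1..MAX_TTL. A loose </> range
	 * comparison is not a format check: on PHP < 8 a string that merely starts
	 * with digits compares as a number, and the raw request value would then be
	 * carried into $ttl below. */
	$ttl_checked = filter_var(
		isset($_REQUEST['ttl']) ? $_REQUEST['ttl'] : null,
		FILTER_VALIDATE_INT,
		array('options' => array('min_range' => 1, 'max_range' => MAX_TTL))
	);
	if ($ttl_checked === false) {
		$input_errors[] = sprintf(gettext("Maximum number of hops must be between 1 and %s"), MAX_TTL);
	}
	$host = trim($_REQUEST['host']);
	$ipproto = $_REQUEST['ipproto'];
	/* Only the address family is checked against the chosen protocol here. */
	if (($ipproto == "ipv4") && is_ipaddrv6($host)) {
		$input_errors[] = gettext("When using IPv4, the target host must be an IPv4 address or hostname.");
	}
	if (($ipproto == "ipv6") && is_ipaddrv4($host)) {
		$input_errors[] = gettext("When using IPv6, the target host must be an IPv6 address or hostname.");
	}

	if (!$input_errors) {
		/* NOTE(review): $host, $sourceip and $resolve get no format check in
		 * this excerpt. The code that builds the traceroute command is outside
		 * it; confirm it validates each value and passes it through
		 * escapeshellarg(). */
		$sourceip = $_REQUEST['sourceip'];
		$do_traceroute = true;
		$ttl = $ttl_checked; /* validated integer, not the raw request string */
		$resolve = $_REQUEST['resolve'];
	}
} else {
	/* No form submitted: default the "resolve" option to on. */
	$resolve = true;
}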

if (!isset($do_traceroute)) {
	$do_traceroute = false;
Example #28
/**
 * Build a "pass" filter rule from the given values, append it to the ruleset,
 * save the configuration and reload the filter.
 *
 * None of the arguments is validated inside this function, and the new rule is
 * written with write_config() and applied with filter_configure() right away.
 * NOTE(review): callers are presumably expected to validate every value before
 * calling this; confirm.
 *
 * @param string $int      Interface the rule is attached to.
 * @param string $proto    Protocol name; "any" leaves the protocol unset.
 * @param string $srchost  Source address, subnet (addr/bits) or special network.
 * @param string $dsthost  Destination address, subnet or special network.
 * @param mixed  $dstport  Destination port, used as both ends of the port range.
 * @param string $ipproto  Stored as the rule's 'ipprotocol'.
 * @return bool Always true; the result of filter_configure() is not inspected.
 */
function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipproto)
{
    global $config;
    /* The rule list must exist before a reference to it is taken. */
    if (!is_array($config['filter']['rule'])) {
        $config['filter']['rule'] = array();
    }
    filter_rules_sort();
    $rules =& $config['filter']['rule'];

    /* Fixed part of the new rule. */
    $rule = array(
        'type' => 'pass',
        'interface' => $int,
        'ipprotocol' => $ipproto,
        'descr' => gettext("Easy Rule: Passed from Firewall Log View"),
    );
    /* "any" means no protocol restriction, so the key is simply left out. */
    if ($proto != "any") {
        $rule['protocol'] = $proto;
    }
    /* For plain ICMP, default to echo requests only, as the conservative choice. */
    if ($proto == "icmp") {
        $rule['icmptype'] = 'echoreq';
    }
    /* NOTE(review): the ICMPv6 spellings are stored as protocol "icmp" but get
     * no icmptype, so the echo-request-only default above does not apply on
     * this path; confirm that is intended. */
    $proto_lc = strtolower($proto);
    if ($proto_lc == "icmp6" || $proto_lc == "icmpv6") {
        $rule['protocol'] = "icmp";
    }

    /* Source mask: explicit for a subnet, 0 for a special network, otherwise a
     * single-host mask for the address family. */
    if (is_subnet($srchost)) {
        $src_parts = explode("/", $srchost);
        $srchost = $src_parts[0];
        $srcmask = $src_parts[1];
    } else {
        $srcmask = is_specialnet($srchost) ? 0 : (is_ipaddrv6($srchost) ? 128 : 32);
    }
    /* Destination mask, derived the same way. */
    if (is_subnet($dsthost)) {
        $dst_parts = explode("/", $dsthost);
        $dsthost = $dst_parts[0];
        $dstmask = $dst_parts[1];
    } else {
        $dstmask = is_specialnet($dsthost) ? 0 : (is_ipaddrv6($dsthost) ? 128 : 32);
    }

    pconfig_to_address($rule['source'], $srchost, $srcmask);
    pconfig_to_address($rule['destination'], $dsthost, $dstmask, '', $dstport, $dstport);
    $rule['created'] = make_config_revision_entry(null, gettext("Easy Rule"));

    /* Append, persist and apply. */
    $rules[] = $rule;
    write_config($rule['descr']);
    filter_configure();
    return true;
}
?>
>
					<select name='gateway'>
					<option value="" ><?php 
echo gettext("default");
?>
</option>
<?php 
/* build a list of gateways */
$gateways = return_gateways_array();
// add statically configured gateways to list
foreach ($gateways as $gwname => $gw) {
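    /* No gateway is offered when the rule covers both address families. */
    if ($pconfig['ipprotocol'] == "inet46") {
        continue;
    }
    /* Keep only gateways of the rule's address family. */
    if ($pconfig['ipprotocol'] == "inet6" && !($gw['ipprotocol'] == "inet6" || is_ipaddrv6($gw['gateway']))) {
        continue;
    }
    if ($pconfig['ipprotocol'] == "inet" && !($gw['ipprotocol'] == "inet" || is_ipaddrv4($gw['gateway']))) {
        continue;
    }
    if ($gw == "") {
        continue;
    }
    if ($gwname == $pconfig['gateway']) {
        $selected = " selected=\"selected\"";
    } else {
        $selected = "";
    }
    /* The key must be quoted: a bare word is an undefined constant, which is
     * an Error on PHP 8 and only fell back to the string on older versions. */
    $gateway_addr_str = empty($gw['gateway']) ? "" : " - " . $gw['gateway'];
    /* Escape everything that comes from the gateway list before it is written
     * into the attribute and the option text. */
    echo "<option value=\"" . htmlspecialchars($gwname) . "\" {$selected}>" . htmlspecialchars($gw['name'] . $gateway_addr_str) . "</option>\n";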
Example #30
    $pconfig['link1'] = isset($a_gifs[$id]['link1']);
    $pconfig['link0'] = isset($a_gifs[$id]['link0']);
    $pconfig['descr'] = $a_gifs[$id]['descr'];
}
if ($_POST) {
    unset($input_errors);
    $pconfig = $_POST;
    /* input validation */
    $reqdfields = explode(" ", "if tunnel-remote-addr tunnel-remote-net tunnel-local-addr");
    $reqdfieldsn = array(gettext("Parent interface,Local address, Remote tunnel address, Remote tunnel network, Local tunnel address"));
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    if (!is_ipaddr($_POST['tunnel-local-addr']) || !is_ipaddr($_POST['tunnel-remote-addr']) || !is_ipaddr($_POST['remote-addr'])) {
        $input_errors[] = gettext("The tunnel local and tunnel remote fields must have valid IP addresses.");
    }
    $alias = strstr($_POST['if'], '|');
    if (is_ipaddrv4($alias) && !is_ipaddrv4($_POST['remote-addr']) || is_ipaddrv6($alias) && !is_ipaddrv6($_POST['remote-addr'])) {
        $input_errors[] = gettext("The alias IP address family has to match the family of the remote peer address.");
    }
    foreach ($a_gifs as $gif) {
        if (isset($id) && $a_gifs[$id] && $a_gifs[$id] === $gif) {
            continue;
        }
        /* FIXME: needs to perform proper subnet checks in the feature */
        if ($gif['if'] == $interface && $gif['tunnel-remote-addr'] == $_POST['tunnel-remote-addr']) {
            $input_errors[] = sprintf(gettext("A gif with the network %s is already defined."), $gif['tunnel-remote-addr']);
            break;
        }
    }
    if (!$input_errors) {
        $gif = array();
        list($gif['if'], $gif['ipaddr']) = explode("|", $_POST['if']);