$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
     }
     if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
         $input_errors[] = gettext("A valid source bit count must be specified.");
     }
 }
 if (!is_specialnet($_POST['dsttype'])) {
     if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
     }
     if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {
         $input_errors[] = gettext("A valid destination bit count must be specified.");
     }
 }
 if (is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst'])) {
     if (!validate_address_family($_POST['src'], $_POST['dst'])) {
         $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
     }
     if ((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && $_POST['ipprotocol'] == "inet") {
         $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
     }
     if ((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && $_POST['ipprotocol'] == "inet6") {
         $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
     }
 }
 if ((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && $_POST['ipprotocol'] == "inet46") {
     $input_errors[] = gettext("You can not use a IPv4 or IPv6 address in combined IPv4 + IPv6 rules.");
 }
 if ($_POST['srcbeginport'] > $_POST['srcendport']) {
     /* swap */
     $tmp = $_POST['srcendport'];
 $pconfig = $_POST;
 /* input validation */
 $reqdfields = explode(" ", "network network_subnet gateway");
 $reqdfieldsn = explode(",", gettext("Destination network") . "," . gettext("Destination network bit count") . "," . gettext("Gateway"));
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
 if ($_POST['network'] && !is_ipaddr($_POST['network']) && !is_alias($_POST['network'])) {
     $input_errors[] = gettext("A valid IPv4 or IPv6 destination network must be specified.");
 }
 if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) {
     $input_errors[] = gettext("A valid destination network bit count must be specified.");
 }
 if ($_POST['gateway'] && is_ipaddr($_POST['network'])) {
     if (!isset($a_gateways[$_POST['gateway']])) {
         $input_errors[] = gettext("A valid gateway must be specified.");
     }
     if (!validate_address_family($_POST['network'], lookup_gateway_ip_by_name($_POST['gateway']))) {
         $input_errors[] = gettext("The gateway '{$a_gateways[$_POST['gateway']]['gateway']}' is a different Address Family as network '{$_POST['network']}'.");
     }
 }
 /* check for overlaps */
 $current_targets = get_staticroutes(true);
 $new_targets = array();
 if (is_ipaddrv6($_POST['network'])) {
     $osn = Net_IPv6::compress(gen_subnetv6($_POST['network'], $_POST['network_subnet'])) . "/" . $_POST['network_subnet'];
     $new_targets[] = $osn;
 }
 if (is_ipaddr($_POST['network'])) {
     if ($_POST['network_subnet'] > 32) {
         $input_errors[] = gettext("A IPv4 subnet can not be over 32 bits.");
     } else {
         $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
Exemple #3
0
 }
 $dnslist = $ignore_posted_dnsgw = array();
 for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
     $dnsname = "dns{$dnscounter}";
     $dnsgwname = "dns{$dnscounter}gw";
     $dnslist[] = $_POST[$dnsname];
     if ($_POST[$dnsname] && !is_ipaddr($_POST[$dnsname])) {
         $input_errors[] = sprintf(gettext("A valid IP address must be specified for DNS server %s."), $dnscounter);
     } else {
         if ($_POST[$dnsgwname] != "" && $_POST[$dnsgwname] != "none") {
             // A real gateway has been selected.
             if (is_ipaddr($_POST[$dnsname])) {
                 if (is_ipaddrv4($_POST[$dnsname]) && validate_address_family($_POST[$dnsname], $_POST[$dnsgwname]) === false) {
                     $input_errors[] = sprintf(gettext('The IPv6 gateway "%1$s" can not be specified for IPv4 DNS server "%2$s".'), $_POST[$dnsgwname], $_POST[$dnsname]);
                 }
                 if (is_ipaddrv6($_POST[$dnsname]) && validate_address_family($_POST[$dnsname], $_POST[$dnsgwname]) === false) {
                     $input_errors[] = sprintf(gettext('The IPv4 gateway "%1$s" can not be specified for IPv6 DNS server "%2$s".'), $_POST[$dnsgwname], $_POST[$dnsname]);
                 }
             } else {
                 // The user selected a gateway but did not provide a DNS address. Be nice and set the gateway back to "none".
                 $ignore_posted_dnsgw[$dnsgwname] = true;
             }
         }
     }
 }
 if (count(array_filter($dnslist)) != count(array_unique(array_filter($dnslist)))) {
     $input_errors[] = gettext('Each configured DNS server must have a unique IP address. Remove the duplicated IP.');
 }
 $direct_networks_list = explode(" ", filter_get_direct_networks_list());
 for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
     $dnsitem = "dns{$dnscounter}";
Exemple #4
0
 if (!empty($pconfig['domain']) && !is_domain($pconfig['domain'])) {
     $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'.");
 }
 $ignore_posted_dnsgw = array();
 for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
     $dnsname = "dns{$dnscounter}";
     $dnsgwname = "dns{$dnscounter}gw";
     if (!empty($pconfig[$dnsname]) && !is_ipaddr($pconfig[$dnsname])) {
         $input_errors[] = gettext("A valid IP address must be specified for DNS server {$dnscounter}.");
     } elseif (!empty($pconfig[$dnsgwname]) && $pconfig[$dnsgwname] != "none") {
         // A real gateway has been selected.
         if (is_ipaddr($pconfig[$dnsname])) {
             if (is_ipaddrv4($pconfig[$dnsname]) && validate_address_family($pconfig[$dnsname], $pconfig[$dnsgwname]) === false) {
                 $input_errors[] = gettext("You can not specify IPv6 gateway '{$pconfig[$dnsgwname]}' for IPv4 DNS server '{$pconfig[$dnsname]}'");
             }
             if (is_ipaddrv6($pconfig[$dnsname]) && validate_address_family($pconfig[$dnsname], $pconfig[$dnsgwname]) === false) {
                 $input_errors[] = gettext("You can not specify IPv4 gateway '{$pconfig[$dnsgwname]}' for IPv6 DNS server '{$pconfig[$dnsname]}'");
             }
         } else {
             // The user selected a gateway but did not provide a DNS address. Be nice and set the gateway back to "none".
             $ignore_posted_dnsgw[$dnsgwname] = true;
         }
     }
 }
 /* XXX cranky low-level call, please refactor */
 $direct_networks_list = explode(' ', filter_get_direct_networks_list(filter_generate_optcfg_array()));
 for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
     $dnsitem = "dns{$dnscounter}";
     $dnsgwitem = "dns{$dnscounter}gw";
     if (!empty($pconfig[$dnsgwitem])) {
         if (interface_has_gateway($pconfig[$dnsgwitem])) {
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 if ($_POST['network'] && !is_ipaddr($_POST['network']) && !is_alias($_POST['network'])) {
     $input_errors[] = gettext("A valid IPv4 or IPv6 destination network must be specified.");
 }
 if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) {
     $input_errors[] = gettext("A valid destination network bit count must be specified.");
 }
 if ($_POST['gateway'] && is_ipaddr($_POST['network'])) {
     if (!isset($a_gateways[$_POST['gateway']])) {
         $input_errors[] = gettext("A valid gateway must be specified.");
     } else {
         if (isset($a_gateways[$_POST['gateway']]['disabled']) && !$_POST['disabled']) {
             $input_errors[] = gettext("The gateway is disabled but the route is not. You must disable the route in order to choose a disabled gateway.");
         } else {
             // Note that the 3rd parameter "disabled" must be passed as explicitly true or false.
             if (!validate_address_family($_POST['network'], $_POST['gateway'], $_POST['disabled'] ? true : false)) {
                 $input_errors[] = gettext("The gateway '{$a_gateways[$_POST['gateway']]['gateway']}' is a different Address Family than network '{$_POST['network']}'.");
             }
         }
     }
 }
 /* check for overlaps */
 $current_targets = get_staticroutes(true);
 $new_targets = array();
 if (is_ipaddrv6($_POST['network'])) {
     $osn = gen_subnetv6($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
     $new_targets[] = $osn;
 }
 if (is_ipaddrv4($_POST['network'])) {
     if ($_POST['network_subnet'] > 32) {
         $input_errors[] = gettext("A IPv4 subnet can not be over 32 bits.");
         $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']);
     }
     if (!is_numericint($pconfig['srcmask'])) {
         $input_errors[] = gettext("A valid source bit count must be specified.");
     }
 }
 if (!is_specialnet($pconfig['dst'])) {
     if (!is_ipaddroralias($pconfig['dst'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']);
     }
     if (!is_numericint($pconfig['dstmask'])) {
         $input_errors[] = gettext("A valid destination bit count must be specified.");
     }
 }
 if (is_ipaddr($pconfig['src']) && is_ipaddr($pconfig['dst'])) {
     if (!validate_address_family($pconfig['src'], $pconfig['dst'])) {
         $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $pconfig['src'], $pconfig['dst']);
     }
     if ((is_ipaddrv6($pconfig['src']) || is_ipaddrv6($pconfig['dst'])) && $pconfig['ipprotocol'] == "inet") {
         $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
     }
     if ((is_ipaddrv4($pconfig['src']) || is_ipaddrv4($pconfig['dst'])) && $pconfig['ipprotocol'] == "inet6") {
         $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
     }
 }
 if (is_ipaddrv4($pconfig['src']) && $pconfig['srcmask'] > 32) {
     $input_errors[] = gettext("Invalid subnet mask on IPv4 source");
 }
 if (is_ipaddrv4($pconfig['dst']) && $pconfig['dstmask'] > 32) {
     $input_errors[] = gettext("Invalid subnet mask on IPv4 destination");
 }
 $pconfig = $_POST;
 /* input validation */
 $reqdfields = explode(" ", "network network_subnet gateway");
 $reqdfieldsn = explode(",", gettext("Destination network") . "," . gettext("Destination network bit count") . "," . gettext("Gateway"));
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 if ($_POST['network'] && !is_ipaddr($_POST['network']) && !is_alias($_POST['network'])) {
     $input_errors[] = gettext("A valid IPv4 or IPv6 destination network must be specified.");
 }
 if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) {
     $input_errors[] = gettext("A valid destination network bit count must be specified.");
 }
 if ($_POST['gateway'] && is_ipaddr($_POST['network'])) {
     if (!isset($a_gateways[$_POST['gateway']])) {
         $input_errors[] = gettext("A valid gateway must be specified.");
     }
     if (!validate_address_family($_POST['network'], $_POST['gateway'])) {
         $input_errors[] = gettext("The gateway '{$a_gateways[$_POST['gateway']]['gateway']}' is a different Address Family as network '{$_POST['network']}'.");
     }
 }
 /* check for overlaps */
 $current_targets = get_staticroutes(true);
 $new_targets = array();
 if (is_ipaddrv6($_POST['network'])) {
     $osn = gen_subnetv6($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
     $new_targets[] = $osn;
 }
 if (is_ipaddrv4($_POST['network'])) {
     if ($_POST['network_subnet'] > 32) {
         $input_errors[] = gettext("A IPv4 subnet can not be over 32 bits.");
     } else {
         $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . $_POST['network_subnet'];
Exemple #8
0
 $reqdfields = explode(" ", "hostname domain");
 $reqdfieldsn = array(gettext("Hostname"), gettext("Domain"));
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
 if ($_POST['hostname'] && !is_hostname($_POST['hostname'])) {
     $input_errors[] = gettext("The hostname may only contain the characters a-z, 0-9 and '-'.");
 }
 if ($_POST['domain'] && !is_domain($_POST['domain'])) {
     $input_errors[] = gettext("The domain may only contain the characters a-z, 0-9, '-' and '.'.");
 }
 for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
     $dnsname = "dns{$dnscounter}";
     $dnsgwname = "dns{$dnscounter}gw";
     if ($_POST[$dnsname] && !is_ipaddr($_POST[$dnsname])) {
         $input_errors[] = gettext("A valid IP address must be specified for the DNS server {$dnscounter}.");
     }
     if ($_POST[$dnsgwname] != "none" && is_ipaddr($_POST[$dnsname]) && validate_address_family($_POST[$dnsname], lookup_gateway_ip_by_name($_POST[$dnsgwname])) === false) {
         $input_errors[] = gettext("The gateway specified for DNS server '{$_POST[$dnsname]}' is not from the same Address Family as gateway '" . lookup_gateway_ip_by_name($_POST[$dnsgwname]) . "'.");
     }
 }
 if ($_POST['webguiport'] && (!is_numericint($_POST['webguiport']) || $_POST['webguiport'] < 1 || $_POST['webguiport'] > 65535)) {
     $input_errors[] = gettext("A valid TCP/IP port must be specified for the webConfigurator port.");
 }
 $direct_networks_list = explode(" ", filter_get_direct_networks_list());
 for ($dnscounter = 1; $dnscounter < 5; $dnscounter++) {
     $dnsitem = "dns{$dnscounter}";
     $dnsgwitem = "dns{$dnscounter}gw";
     if ($_POST[$dnsgwitem]) {
         if (interface_has_gateway($_POST[$dnsgwitem])) {
             foreach ($direct_networks_list as $direct_network) {
                 if (ip_in_subnet($_POST[$dnsitem], $direct_network)) {
                     $input_errors[] = sprintf(gettext("You can not assign a gateway to DNS '%s' server which is on a directly connected network."), $_POST[$dnsitem]);
                    <br> <span class="vexpl"><?php 
echo gettext("Group Name");
?>
</span></td>
                </tr>
		<tr>
                  <td width="22%" valign="top" class="vncellreq"><?php 
echo gettext("Gateway Priority");
?>
</td>
                  <td width="78%" class="vtable"> 
		<?php 
foreach ($a_gateways as $gwname => $gateway) {
    if (!empty($pconfig['item'])) {
        $af = explode("|", $pconfig['item'][0]);
        if (!validate_address_family(lookup_gateway_ip_by_name($af[0]), $gateway['gateway'])) {
            continue;
        }
    }
    $selected = array();
    $interface = $gateway['interface'];
    foreach ((array) $pconfig['item'] as $item) {
        $itemsplit = explode("|", $item);
        if ($itemsplit[0] == $gwname) {
            $selected[$itemsplit[1]] = "selected";
            break;
        } else {
            $selected[0] = "selected";
        }
    }
    echo "<select name='{$gwname}' class='formfldselect' id='{$gwname}'>";
     if (!empty($config['interfaces'][$_POST['interface']]['ipaddr'])) {
         if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddr']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) {
             $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv4 configuration.");
         }
     }
     if (!empty($config['interfaces'][$_POST['interface']]['ipaddrv6'])) {
         if (is_ipaddr($config['interfaces'][$_POST['interface']]['ipaddrv6']) && (empty($_POST['gateway']) || $_POST['gateway'] == "dynamic")) {
             $input_errors[] = gettext("Dynamic gateway values cannot be specified for interfaces with a static IPv6 configuration.");
         }
     }
 }
 if ($_POST['monitor'] != "" && !is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") {
     $input_errors[] = gettext("A valid monitor IP address must be specified.");
 }
 if ($_POST['monitor'] != "" && is_ipaddr($_POST['monitor']) && $_POST['monitor'] != "dynamic") {
     if (!validate_address_family($_POST['monitor'], $_POST['gateway'])) {
         $input_errors[] = gettext("The monitor address '{$_POST['monitor']}' is a different Address Family then gateway '{$_POST['gateway']}'.");
     }
 }
 if (isset($_POST['name'])) {
     /* check for overlaps */
     foreach ($a_gateways as $gateway) {
         if (isset($id) && $a_gateways[$id] && $a_gateways[$id] === $gateway) {
             if ($gateway['name'] != $_POST['name']) {
                 $input_errors[] = gettext("Changing name on a gateway is not allowed.");
             }
             continue;
         }
         if ($_POST['name'] != "") {
             if ($gateway['name'] != "" && $_POST['name'] == $gateway['name'] && $gateway['attribute'] != "system") {
                 $input_errors[] = sprintf(gettext('The gateway name "%s" already exists.'), $_POST['name']);