// init $config['virtualip']['vip'] if (!isset($config['virtualip']['vip']) || !is_array($config['virtualip']['vip'])) { $config['virtualip']['vip'] = array(); } $a_vip =& $config['virtualip']['vip']; if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (!empty($_POST['carp_maintenancemode'])) { interfaces_carp_set_maintenancemode(!isset($config["virtualip_carp_maintenancemode"])); } elseif (!empty($_POST['disablecarp'])) { if (get_single_sysctl('net.inet.carp.allow') > 0) { $carp_counter = 0; set_single_sysctl('net.inet.carp.allow', '0'); foreach ($a_vip as $vip) { switch ($vip['mode']) { case "carp": interface_vip_bring_down($vip); $carp_counter++; sleep(1); break; } } $savemsg = sprintf(gettext("%s IPs have been disabled. Please note that disabling does not survive a reboot."), $carp_counter); } else { $savemsg = gettext("CARP has been enabled."); foreach ($a_vip as $vip) { switch ($vip['mode']) { case "carp": interface_carp_configure($vip); sleep(1); break; }
if (session_status() == PHP_SESSION_NONE) { session_start(); } $user = getUserEntry($_SESSION['Username']); if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) { header("Location: firewall_virtual_ip.php"); exit; } session_write_close(); // Special case since every proxyarp vip is handled by the same daemon. if ($a_vip[$_GET['id']]['mode'] == "proxyarp") { $viface = $a_vip[$_GET['id']]['interface']; unset($a_vip[$_GET['id']]); interface_proxyarp_configure($viface); } else { interface_vip_bring_down($a_vip[$_GET['id']]); unset($a_vip[$_GET['id']]); } if (count($config['virtualip']['vip']) == 0) { unset($config['virtualip']['vip']); } write_config(); header("Location: firewall_virtual_ip.php"); exit; } } } else { if ($_GET['changes'] == "mods" && is_numericint($_GET['id'])) { $id = $_GET['id']; } }
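/**
 * Delete a virtual IP entry from the in-memory configuration.
 *
 * The entry is removed only when nothing else in the configuration still
 * depends on it: inbound NAT mappings, gateways inside its subnet, or a CARP
 * address that rides on an IP alias. On removal the matching interface state
 * is torn down as well. This function does not call write_config(), so the
 * caller has to persist the change.
 *
 * @param int|string $id index into $config['virtualip']['vip']; it may
 *                       originate from a request parameter, so it is checked
 *                       against the configured entries before any use
 * @return array translated error messages, empty when the entry was removed
 */
function deleteVIPEntry($id)
{
    global $config;

    $input_errors = array();

    // Validate the index before binding the reference below: a reference to a
    // missing key would create it, and an unknown or non-scalar index would
    // otherwise fall through to the teardown calls with a null entry.
    if (
        (!is_int($id) && !is_string($id)) ||
        !isset($config['virtualip']['vip']) ||
        !is_array($config['virtualip']['vip']) ||
        !isset($config['virtualip']['vip'][$id]) ||
        !is_array($config['virtualip']['vip'][$id])
    ) {
        $input_errors[] = gettext("This entry cannot be deleted because it does not exist.");
        return $input_errors;
    }

    $a_vip =& $config['virtualip']['vip'];
    $entry = $a_vip[$id];

    /* make sure no inbound NAT mappings reference this entry */
    if (isset($config['nat']['rule'])) {
        foreach ($config['nat']['rule'] as $rule) {
            if (!empty($rule['destination']['address']) &&
                $rule['destination']['address'] == $entry['subnet']) {
                $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
                break;
            }
        }
    }

    // Network of the entry itself and of its parent interface, both as "net/bits".
    if (is_ipaddrv6($entry['subnet'])) {
        $is_ipv6 = true;
        $subnet = gen_subnetv6($entry['subnet'], $entry['subnet_bits']);
        $if_subnet_bits = get_interface_subnetv6($entry['interface']);
        $if_subnet = gen_subnetv6(get_interface_ipv6($entry['interface']), $if_subnet_bits);
    } else {
        $is_ipv6 = false;
        $subnet = gen_subnet($entry['subnet'], $entry['subnet_bits']);
        $if_subnet_bits = get_interface_subnet($entry['interface']);
        $if_subnet = gen_subnet(get_interface_ip($entry['interface']), $if_subnet_bits);
    }
    $subnet .= "/" . $entry['subnet_bits'];
    $if_subnet .= "/" . $if_subnet_bits;

    /* make sure no gateway is only reachable through this entry's subnet */
    if (isset($config['gateways']['gateway_item'])) {
        foreach ($config['gateways']['gateway_item'] as $gateway) {
            if ($entry['interface'] != $gateway['interface']) {
                continue;
            }
            // Skip gateways of the other address family.
            if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
                continue;
            }
            if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
                continue;
            }
            // A gateway inside the interface's own network does not need the VIP.
            if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
                continue;
            }
            if (ip_in_subnet($gateway['gateway'], $subnet)) {
                $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
                break;
            }
        }
    }

    if ($entry['mode'] == "ipalias") {
        // NOTE(review): this recomputes the network with gen_subnet() even when
        // the alias is IPv6, while the branch above uses gen_subnetv6() for
        // that case - confirm gen_subnet() handles IPv6 input.
        $subnet = gen_subnet($entry['subnet'], $entry['subnet_bits']) . "/" . $entry['subnet_bits'];
        $found_if = ($subnet == $if_subnet);
        $found_carp = false;
        $found_other_alias = false;
        $carp_descr = '';
        $vipiface = $entry['interface'];

        foreach ($a_vip as $vip_id => $vip) {
            // Loose comparison on purpose: $id may be a numeric string while
            // the array keys are integers.
            if ($vip_id == $id) {
                continue;
            }
            if ($vip['interface'] != $vipiface || !ip_in_subnet($vip['subnet'], $subnet)) {
                continue;
            }
            if ($vip['mode'] == "carp") {
                if (!$found_carp) {
                    // Remember the CARP entry that actually blocks the delete;
                    // after the loop $vip is merely the last entry visited.
                    $carp_descr = isset($vip['descr']) ? $vip['descr'] : '';
                }
                $found_carp = true;
            } elseif ($vip['mode'] == "ipalias") {
                $found_other_alias = true;
            }
        }

        if ($found_carp === true && $found_other_alias === false && $found_if === false) {
            $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$carp_descr}.";
        }
    }

    if (count($input_errors) == 0) {
        // Special case since every proxyarp vip is handled by the same daemon.
        if ($entry['mode'] == "proxyarp") {
            $viface = $entry['interface'];
            unset($a_vip[$id]);
            interface_proxyarp_configure($viface);
        } else {
            interface_vip_bring_down($a_vip[$id]);
            unset($a_vip[$id]);
        }
        // Drop the empty container so the config does not keep an empty list.
        if (count($config['virtualip']['vip']) == 0) {
            unset($config['virtualip']['vip']);
        }
    }

    return $input_errors;
}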