Exemplo n.º 1
0
 }
 /* For dst, user can enter ip's, networks or aliases */
 if (!is_specialnet($_POST['dsttype'])) {
     if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
     }
     if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {
         $input_errors[] = gettext("A valid destination bit count must be specified.");
     }
 }
 /* check for overlaps with other 1:1 */
 foreach ($a_1to1 as $natent) {
     if (isset($id) && $a_1to1[$id] && $a_1to1[$id] === $natent) {
         continue;
     }
     if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) {
         //$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet.";
         //break;
     }
 }
 if (!$input_errors) {
     $natent = array();
     $natent['disabled'] = isset($_POST['disabled']) ? true : false;
     $natent['external'] = $_POST['external'];
     $natent['descr'] = $_POST['descr'];
     $natent['interface'] = $_POST['interface'];
     pconfig_to_address($natent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot']);
     pconfig_to_address($natent['destination'], $_POST['dst'], $_POST['dstmask'], $_POST['dstnot']);
     if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") {
         $natent['natreflection'] = $_POST['natreflection'];
     } else {
         continue;
     }
     if (check_subnets_overlap($_POST['external'], $_POST['subnet'], $natent['external'], $natent['subnet'])) {
         //$input_errors[] = "Another 1:1 rule overlaps with the specified external subnet.";
         //break;
     } else {
         if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) {
             //$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet.";
             //break;
         }
     }
 }
 /* check for overlaps with advanced outbound NAT */
 if (is_array($config['nat']['advancedoutbound']['rule'])) {
     foreach ($config['nat']['advancedoutbound']['rule'] as $natent) {
         if ($natent['target'] && check_subnets_overlap($_POST['external'], $_POST['subnet'], $natent['target'], 32)) {
             $input_errors[] = "An advanced outbound NAT entry overlaps with the specified external subnet.";
             break;
         }
     }
 }
 if (!$input_errors) {
     $natent = array();
     $natent['external'] = $_POST['external'];
     $natent['internal'] = $_POST['internal'];
     $natent['subnet'] = $_POST['subnet'];
     $natent['descr'] = $_POST['descr'];
     $natent['interface'] = $_POST['interface'];
     if (isset($id) && $a_1to1[$id]) {
         $a_1to1[$id] = $natent;
     } else {
Exemplo n.º 3
0
                 $if = get_failover_interface($phase1['interface'], "inet6");
                 $interfaceip = get_interface_ipv6($if);
             } else {
                 $if = get_failover_interface($phase1['interface']);
                 $interfaceip = get_interface_ip($if);
             }
             /* skip validation for hostnames, they're subject to change anyway */
             if (is_ipaddr($phase1['remote-gateway'])) {
                 if ($pconfig['mode'] == "tunnel") {
                     if (check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
                         $input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
                         break;
                     }
                 } else {
                     if ($pconfig['mode'] == "tunnel6") {
                         if (check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
                             $input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
                             break;
                         }
                     }
                 }
             }
         }
     }
 }
 /* For ESP protocol, handle encryption algorithms */
 if ($pconfig['proto'] == "esp") {
     $ealgos = pconfig_to_ealgos($pconfig);
     if (!count($ealgos)) {
         $input_errors[] = gettext("At least one encryption algorithm must be selected.");
     } else {
     $input_errors[] = "/32 alt ağ maskesi geçersiz CARP IP leri içeriyor.";
 }
 /* check for overlaps with other virtual IP */
 foreach ($a_vip as $vipent) {
     if (isset($id) && $a_vip[$id] && $a_vip[$id] === $vipent) {
         continue;
     }
     if (isset($_POST['subnet']) && $_POST['subnet'] == $vipent['subnet']) {
         $input_errors[] = "Tanımlanan IP adresi zaten sanal IP listesinde mevcuttur.";
         break;
     }
 }
 /* check for overlaps with 1:1 NAT */
 if (is_array($config['nat']['onetoone'])) {
     foreach ($config['nat']['onetoone'] as $natent) {
         if (check_subnets_overlap($_POST['ipaddr'], 32, $natent['external'], $natent['subnet'])) {
             $input_errors[] = "A 1:1 NAT mapping overlaps with the specified IP address.";
             break;
         }
     }
 }
 /* make sure new ip is within the subnet of a valid ip
  * on one of our interfaces (wan, lan optX)
  */
 if ($_POST['mode'] == "carp") {
     if (!$id) {
         /* verify against reusage of vhids */
         $idtracker = 0;
         foreach ($config['virtualip']['vip'] as $vip) {
             if ($vip['vhid'] == $_POST['vhid'] and $idtracker != $id) {
                 $input_errors[] = "VHID {$_POST['vhid']} is already in use.  Pick a unique number.";