Projet

Général

Profil

« Précédent | Suivant » 

Révision 6b23c19a

Ajouté par Renato Botelho il y a environ 11 ans

Don't allow adding IP Alias or CARP VIP on network or broadcast addresses. Fixes #2768

Voir les différences:

usr/local/www/firewall_virtual_ip_edit.php
132 132 
		 	$input_errors[] = gettext("The /127 and /128 subnet mask are invalid for CARP IPs.");
133 133 
	}
134 134 

  		




  
  135
  
    
	/* ipalias and carp should not use network or broadcast address */


  		




  
  136
  
    
	if ($_POST['mode'] == "ipalias" || $_POST['mode'] == "carp") {


  		




  
  137
  
    
		if (is_ipaddrv4($_POST['subnet']) && $_POST['subnet_bits'] != "32") {


  		




  
  138
  
    
			$network_addr = gen_subnet($_POST['subnet'], $_POST['subnet_bits']);


  		




  
  139
  
    
			$broadcast_addr = gen_subnet_max($_POST['subnet'], $_POST['subnet_bits']);


  		




  
  140
  
    
		} else if (is_ipaddrv6($_POST['subnet']) && $_POST['subnet_bits'] != "128" ) {


  		




  
  141
  
    
			$network_addr = gen_subnetv6($_POST['subnet'], $_POST['subnet_bits']);


  		




  
  142
  
    
			$broadcast_addr = gen_subnetv6_max($_POST['subnet'], $_POST['subnet_bits']);


  		




  
  143
  
    
		}


  		




  
  144
  
    

  		




  
  145
  
    
		if (isset($network_addr) && $_POST['subnet'] == $network_addr)


  		




  
  146
  
    
			$input_errors[] = gettext("You cannot use the network address for this VIP");


  		




  
  147
  
    
		else if (isset($broadcast_addr) && $_POST['subnet'] == $broadcast_addr)


  		




  
  148
  
    
			$input_errors[] = gettext("You cannot use the broadcast address for this VIP");


  		




  
  149
  
    
	}


  		




  
  150
  
    

  		




  135
  151
  
    
	/* make sure new ip is within the subnet of a valid ip


  		




  136
  152
  
    
	 * on one of our interfaces (wan, lan optX)


  		




  137
  153
  
    
	 */


  		












Formats disponibles :  Unified diff