#!/usr/local/bin/php <?php /* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* parse the configuration and include all functions used below */ require_once("config.inc"); require_once("interfaces.inc"); require_once("openvpn.inc"); require_once("util.inc"); require_once("vpn.inc"); require_once("filter.inc"); require_once("rrd.inc"); require_once("util.inc"); require_once("pfsense-utils.inc"); require_once("services.inc"); require_once("unbound.inc"); $options = getopt("hn", array("dry-run", "help")); if (isset($options["h"]) || isset($options["help"])) { echo "usage: rc.initial.setlanip [option ...]\n"; echo " -h, --help show this message\n"; echo " -n, --dry-run do not make any configuration changes\n"; exit(0); } $dry_run = isset($options["n"]) || isset($options["dry-run"]); if ($dry_run) { echo "DRY RUN MODE IS ON\n"; } function console_prompt_for_yn ($prompt_text) { global $fp; $good_answer = false; do { echo "\n" . $prompt_text . " (y/n) "; $yn = strtolower(chop(fgets($fp))); if (($yn == "y") || ($yn == "yes")) { $boolean_answer = true; $good_answer = true; } if (($yn == "n") || ($yn == "no")) { $boolean_answer = false; $good_answer = true; } } while (!$good_answer); return $boolean_answer; } function console_get_interface_from_ppp($realif) { global $config; if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) { foreach ($config['ppps']['ppp'] as $pppid => $ppp) { if ($realif == $ppp['if']) { $ifaces = explode(",", $ppp['ports']); return $ifaces[0]; } } } return ""; } function prompt_for_enable_dhcp_server($version = 4) { global $config, $fp, $interface; if($interface == "wan") { if($config['interfaces']['lan']) return false; } /* only allow DHCP server to be enabled when static IP is configured on this interface */ if ($version === 6) { $is_ipaddr = is_ipaddrv6($config['interfaces'][$interface]['ipaddrv6']); } else { $is_ipaddr = is_ipaddrv4($config['interfaces'][$interface]['ipaddr']); } if (!($is_ipaddr)) { return false; } $label_DHCP = ($version === 6) ? "DHCP6" : "DHCP"; $upperifname = strtoupper($interface); return console_prompt_for_yn (sprintf(gettext("Do you want to enable the %s server on %s?"), $label_DHCP, $upperifname)); } function get_interface_config_description($iface) { global $config; $c = $config['interfaces'][$iface]; if (!$c) { return null; } $if = $c['if']; $result = $if; $result2 = array(); $ipaddr = $c['ipaddr']; $ipaddrv6 = $c['ipaddrv6']; if (is_ipaddr($ipaddr)) { $result2[] = "static"; } else if ($ipaddr == "dhcp") { $result2[] = "dhcp"; } if (is_ipaddr($ipaddrv6)) { $result2[] = "staticv6"; } else if ($ipaddrv6 == "dhcp6") { $result2[] = "dhcp6"; } if (count($result2)) { $result .= " - " . implode(", ", $result2); } return $result; } $fp = fopen('php://stdin', 'r'); /* build an interface collection */ $ifdescrs = get_configured_interface_with_descr(false, true); $count = count($ifdescrs); /* grab interface that we will operate on, unless there is only one interface */ if ($count > 1) { echo "Available interfaces:\n\n"; $x=1; foreach($ifdescrs as $iface => $ifdescr) { $config_descr = get_interface_config_description($iface); echo "{$x} - {$ifdescr} ({$config_descr})\n"; $x++; } echo "\nEnter the number of the interface you wish to configure: "; $intnum = chop(fgets($fp)); } else { $intnum = $count; } if($intnum < 1) exit; if($intnum > $count) exit; $index = 1; foreach ($ifdescrs as $ifname => $ifdesc) { if ($intnum == $index) { $interface = $ifname; break; } else { $index++; } } if(!$interface) { echo "Invalid interface!\n"; exit; } $ifaceassigned = ""; function next_unused_gateway_name($interface) { global $g, $config; $new_name = "GW_" . strtoupper($interface); if (!is_array($config['gateways']['gateway_item'])) { return $new_name; } $count = 1; do { $existing = false; foreach ($config['gateways']['gateway_item'] as $item) { if ($item['name'] === $new_name) { $existing = true; break; } } if ($existing) { $count += 1; $new_name = "GW_" . strtoupper($interface) . "_" . $count; } } while ($existing); return $new_name; } function add_gateway_to_config($interface, $gatewayip, $inet_type) { global $g, $config, $dry_run; if (!is_array($config['gateways']['gateway_item'])) { $config['gateways']['gateway_item'] = array(); } $a_gateways = &$config['gateways']['gateway_item']; if ($dry_run) { print_r($a_gateways); } $new_name = ''; $is_default = true; foreach ($a_gateways as $item) { if ($item['ipprotocol'] === $inet_type) { if (isset($item['defaultgw'])) $is_default = false; if (($item['interface'] === $interface) && ($item['gateway'] === $gatewayip)) $new_name = $item['name']; } } if ($new_name == '') { $new_name = next_unused_gateway_name($interface); $item = array( "interface" => $interface, "gateway" => $gatewayip, "name" => $new_name, "weight" => 1, "ipprotocol" => $inet_type, "interval" => true, "descr" => "Interface $interface Gateway", "defaultgw" => $is_default ); if ($dry_run) { print_r($item); } $a_gateways[] = $item; } return $new_name; } function console_configure_ip_address($version) { global $g, $config, $interface, $restart_dhcpd, $ifaceassigned, $fp; $label_IPvX = ($version === 6) ? "IPv6" : "IPv4"; $maxbits = ($version === 6) ? 127 : 31; $label_DHCP = ($version === 6) ? "DHCP6" : "DHCP"; $upperifname = strtoupper($interface); if($interface == "wan") { if (console_prompt_for_yn (sprintf(gettext("Configure %s address %s interface via %s?"), $label_IPvX, $upperifname, $label_DHCP))) { $ifppp = console_get_interface_from_ppp(get_real_interface("wan")); if (!empty($ifppp)) $ifaceassigned = $ifppp; $intip = ($version === 6) ? "dhcp6" : "dhcp"; $intbits = ""; $isintdhcp = true; $restart_dhcpd = true; } } if($isintdhcp == false or $interface <> "wan") { while(true) { do { echo "\n" . sprintf(gettext("Enter the new %s %s address. Press <ENTER> for none:"), $upperifname, $label_IPvX) . "\n> "; $intip = chop(fgets($fp)); $is_ipaddr = ($version === 6) ? is_ipaddrv6($intip) : is_ipaddrv4($intip); if ($is_ipaddr && is_ipaddr_configured($intip, $interface, true)) { $ip_conflict = true; echo gettext("This IP address conflicts with another interface or a VIP") . "\n"; } else $ip_conflict = false; } while (($ip_conflict === true) || !($is_ipaddr || $intip == '')); if ($intip != '') { echo "\n" . sprintf(gettext("Subnet masks are entered as bit counts (as in CIDR notation) in %s."), $g['product_name']) . "\n"; if ($version === 6) { echo "e.g. ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00 = 120\n"; echo " ffff:ffff:ffff:ffff:ffff:ffff:ffff:0 = 112\n"; echo " ffff:ffff:ffff:ffff:ffff:ffff:0:0 = 96\n"; echo " ffff:ffff:ffff:ffff:ffff:0:0:0 = 80\n"; echo " ffff:ffff:ffff:ffff:0:0:0:0 = 64\n"; } else { echo "e.g. 255.255.255.0 = 24\n"; echo " 255.255.0.0 = 16\n"; echo " 255.0.0.0 = 8\n"; } do { $upperifname = strtoupper($interface); echo "\n" . sprintf(gettext("Enter the new %s %s subnet bit count (1 to %s):"), $upperifname, $label_IPvX, $maxbits) . "\n> "; $intbits = chop(fgets($fp)); $intbits_ok = is_numeric($intbits) && (($intbits >= 1) && ($intbits <= $maxbits)); $restart_dhcpd = true; if ($version === 4 && $intbits < $maxbits) { if ($intip == gen_subnet($intip, $intbits)) { echo gettext("You cannot set network address to an interface"); continue 2; $intbits_ok = false; } else if ($intip == gen_subnet_max($intip, $intbits)) { echo gettext("You cannot set broadcast address to an interface"); continue 2; $intbits_ok = false; } } } while (!$intbits_ok); if ($version === 6) { $subnet = gen_subnetv6($intip, $intbits); } else { $subnet = gen_subnet($intip, $intbits); } do { echo "\n" . sprintf(gettext("For a WAN, enter the new %s %s upstream gateway address."), $upperifname, $label_IPvX) . "\n" . gettext("For a LAN, press <ENTER> for none:") . "\n> "; $gwip = chop(fgets($fp)); $is_ipaddr = ($version === 6) ? is_ipaddrv6($gwip) : is_ipaddrv4($gwip); $is_in_subnet = $is_ipaddr && ip_in_subnet($gwip, $subnet . "/" . $intbits); if ($gwip != '') { if (!$is_ipaddr) { echo sprintf(gettext("not an %s IP address!"), $label_IPvX) . "\n"; } else if (!$is_in_subnet) { echo gettext("not in subnet!") . "\n"; } } } while (!($gwip == '' || ($is_ipaddr && $is_in_subnet))); if ($gwip != '') { $inet_type = ($version === 6) ? "inet6" : "inet"; $gwname = add_gateway_to_config($interface, $gwip, $inet_type); } } $ifppp = console_get_interface_from_ppp(get_real_interface($interface)); if (!empty($ifppp)) $ifaceassigned = $ifppp; break; } } return array($intip, $intbits, $gwname); } list($intip, $intbits, $gwname) = console_configure_ip_address(4); list($intip6, $intbits6, $gwname6) = console_configure_ip_address(6); if (!empty($ifaceassigned)) $config['interfaces'][$interface]['if'] = $ifaceassigned; $config['interfaces'][$interface]['ipaddr'] = $intip; $config['interfaces'][$interface]['subnet'] = $intbits; $config['interfaces'][$interface]['gateway'] = $gwname; $config['interfaces'][$interface]['ipaddrv6'] = $intip6; $config['interfaces'][$interface]['subnetv6'] = $intbits6; $config['interfaces'][$interface]['gatewayv6'] = $gwname6; $config['interfaces'][$interface]['enable'] = true; function console_configure_dhcpd($version = 4) { global $g, $config, $restart_dhcpd, $fp, $interface, $dry_run, $intip, $intbits, $intip6, $intbits6; $label_IPvX = ($version === 6) ? "IPv6" : "IPv4"; $dhcpd = ($version === 6) ? "dhcpdv6" : "dhcpd"; if (prompt_for_enable_dhcp_server($version)) { $subnet_start = ($version === 6) ? gen_subnetv6($intip6, $intbits6) : gen_subnet($intip, $intbits); $subnet_end = ($version === 6) ? gen_subnetv6_max($intip6, $intbits6) : gen_subnet_max($intip, $intbits); do { do { echo sprintf(gettext("Enter the start address of the %s client address range:"), $label_IPvX) . " "; $dhcpstartip = chop(fgets($fp)); if ($dhcpstartip === "") { fclose($fp); exit(0); } $is_ipaddr = ($version === 6) ? is_ipaddrv6($dhcpstartip) : is_ipaddrv4($dhcpstartip); $is_inrange = is_inrange($dhcpstartip, $subnet_start, $subnet_end); if (!$is_inrange) echo gettext("This IP address must be in the interface's subnet") . "\n"; } while (!$is_ipaddr || !$is_inrange); do { echo sprintf(gettext("Enter the end address of the %s client address range:"), $label_IPvX) . " "; $dhcpendip = chop(fgets($fp)); if ($dhcpendip === "") { fclose($fp); exit(0); } $is_ipaddr = ($version === 6) ? is_ipaddrv6($dhcpendip) : is_ipaddrv4($dhcpendip); $is_inrange = is_inrange($dhcpendip, $subnet_start, $subnet_end); if (!$is_inrange) echo gettext("This IP address must be in the interface's subnet") . "\n"; $not_inorder = ($version === 6) ? (inet_pton($dhcpendip) < inet_pton($dhcpstartip)) : ip_less_than($dhcpendip, $dhcpstartip); if ($not_inorder) { echo gettext("The end address of the DHCP range must be >= the start address") . "\n"; } } while (!$is_ipaddr || !$is_inrange); } while ($not_inorder); $restart_dhcpd = true; $config[$dhcpd][$interface]['enable'] = true; $config[$dhcpd][$interface]['range']['from'] = $dhcpstartip; $config[$dhcpd][$interface]['range']['to'] = $dhcpendip; } else { if(isset($config[$dhcpd][$interface]['enable'])) { unset($config[$dhcpd][$interface]['enable']); printf(gettext("Disabling %s DHCPD..."), $label_IPvX); $restart_dhcpd = true; } } } console_configure_dhcpd(4); console_configure_dhcpd(6); //***************************************************************************** if ($config['system']['webgui']['protocol'] == "https") { if (console_prompt_for_yn (gettext("Do you want to revert to HTTP as the webConfigurator protocol?"))) { $config['system']['webgui']['protocol'] = "http"; $restart_webgui = true; } } if (isset($config['system']['webgui']['noantilockout'])) { echo "\n" . sprintf(gettext("Note: the anti-lockout rule on %s has been re-enabled."), $interface) . "\n"; unset($config['system']['webgui']['noantilockout']); } if($config['interfaces']['lan']) { if($config['dhcpd']) if($config['dhcpd']['wan']) unset($config['dhcpd']['wan']); if($config['dhcpdv6']) if($config['dhcpdv6']['wan']) unset($config['dhcpdv6']['wan']); } if(!$config['interfaces']['lan']) { unset($config['interfaces']['lan']); if($config['dhcpd']['lan']) unset($config['dhcpd']['lan']); if($config['dhcpdv6']['lan']) unset($config['dhcpdv6']['lan']); unset($config['nat']); if (!$dry_run) { system("rm /var/dhcpd/var/db/* >/dev/null 2>/dev/null"); $restart_dhcpd = true; } } $upperifname = strtoupper($interface); if (!$dry_run) { echo "\nPlease wait while the changes are saved to {$upperifname}..."; write_config(sprintf(gettext("%s IP configuration from console menu"), $interface)); interface_reconfigure(strtolower($upperifname)); echo "\n Reloading filter..."; filter_configure_sync(); if($restart_dhcpd) { echo "\n DHCPD..."; services_dhcpd_configure(); } if ($restart_webgui) { mwexec('/usr/local/etc/rc.restart_webgui'); } } if ($intip != '') { if (is_ipaddr($intip)) { echo "\n\n" . sprintf(gettext("The IPv4 %s address has been set to %s"), $upperifname, "{$intip}/{$intbits}") . "\n"; } else { echo "\n\n" . sprintf(gettext("The IPv4 %s address has been set to %s"), $upperifname, $intip) . "\n"; } } if ($intip6 != '') { if (is_ipaddr($intip6)) { echo "\n\n" . sprintf(gettext("The IPv6 %s address has been set to %s"), $upperifname, "${intip6}/${intbits6}") . "\n"; } else { echo "\n\n" . sprintf(gettext("The IPv6 %s address has been set to %s"), $upperifname, $intip6) . "\n"; } } if ($intip != '' || $intip6 != '') { if (count($ifdescrs) == "1" or $interface == "lan") { echo gettext('You can now access the webConfigurator by opening the following URL in your web browser:') . "\n"; if(!empty($config['system']['webgui']['port'])) { $webuiport = $config['system']['webgui']['port']; if ($intip != '') { echo " {$config['system']['webgui']['protocol']}://{$intip}:{$webuiport}/\n"; } if ($intip6 != '') { if (is_ipaddr($intip6)) { echo " {$config['system']['webgui']['protocol']}://[{$intip6}]:{$webuiport}/\n"; } else { echo " {$config['system']['webgui']['protocol']}://{$intip6}:{$webuiport}/\n"; } } } else { if ($intip != '') { echo " {$config['system']['webgui']['protocol']}://{$intip}/\n"; } if ($intip6 != '') { if (is_ipaddr($intip6)) { echo " {$config['system']['webgui']['protocol']}://[{$intip6}]/\n"; } else { echo " {$config['system']['webgui']['protocol']}://{$intip6}/\n"; } } } } } echo "\n" . gettext('Press <ENTER> to continue.'); fgets($fp); fclose($fp);