Bernhard,

Does any of this also apply to the subnet comparisons made when adding subnets in the "Firewall Groups" portion of the WUI?

Tom

> On Feb 11, 2018, at 1:52 PM, Bernhard Held <berny156(a)gmx.de> wrote:
> 
> The logic of subnet comparison is broken. E.g. if the blue netmask is
> 255.255.255.0, it's impossible to add a VPN subnet with the same netmask.
> The proposed patch compares the subnets individually.
> ---
> html/cgi-bin/proxy.cgi | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> index ea3b41126..4993dde86 100644
> --- a/html/cgi-bin/proxy.cgi
> +++ b/html/cgi-bin/proxy.cgi
> @@ -3066,8 +3066,8 @@ END
>                @temp = split(/\//);
>                chomp $temp[1];
>                if (
> -                    ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) &&
> -                    ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'})
> +                    (($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) || ($temp[1] ne $netsettings{'GREEN_NETMASK'})) &&
> +                    (($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) || ($temp[1] ne $netsettings{'BLUE_NETMASK'}))
>                    )
>                {
>                    print FILE " ||\n     (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
> -- 
> 2.16.1
>