fixes T1238 - Wireguard allows invalid IP's

2 files changed, 14 insertions, 2 deletions

diff --git a/debian/changelog b/debian/changelog
index 6dcc90d6d..87d51c8e7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,12 @@
+vyos-1x (1.2.0-13) unstable; urgency=low
+
+  * fixes T1238 - Wireguard allows invalid IP's 
+
+ -- hagbard <vyosdev@derith.de>  Sat, 09 Feb 2019 14:42:13 -0800
+
 vyos-1x (1.2.0-12) unstable; urgency=low
 
-  fixes T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers 
+  * fixes T1225: wireguard implement 'set int wireguard wg0 peer name disable' to disable single peers 
 
  -- hagbard <vyosdev@derith.de>  Mon, 04 Feb 2019 10:26:50 -0800
 
diff --git a/interface-definitions/wireguard.xml b/interface-definitions/wireguard.xml
index 7dd1ec044..d7c3bc447 100644
--- a/interface-definitions/wireguard.xml
+++ b/interface-definitions/wireguard.xml
@@ -19,8 +19,11 @@
           <leafNode name="address">
             <properties>
               <help>IP address</help> 
+              <constraint>
+                <validator name="ip-host"/>
+              </constraint>
               <valueHelp>
-                <format>ipv4net</format>
+                <format>ipv4-address</format>
                 <description>IPv4 address and prefix length</description>
               </valueHelp>
               <valueHelp>
@@ -109,6 +112,9 @@
               <leafNode name="allowed-ips">
                 <properties>
                   <help>IP addresses allowed to traverse the peer</help>
+                  <constraint>
+                    <validator name="ip-host"/>
+                  </constraint>
                 <multi/>
                 </properties>
               </leafNode>