From e415eb823004fdd69586b2e04583be22c8841948 Mon Sep 17 00:00:00 2001
From: Stephan de Wit <stephan.de.wit@deciso.com>
Date: Mon, 9 Sep 2024 14:53:05 +0200
Subject: [PATCH] interfaces: prevent CARP IP removal when VHID group is in use
 by IP alias

---
 .../Interfaces/Api/VipSettingsController.php         | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
index f5a7bd729..a827f6baa 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VipSettingsController.php
@@ -186,6 +186,18 @@ class VipSettingsController extends ApiMutableModelControllerBase
         if (!empty($validations)) {
             throw new UserException(implode('<br/>', array_slice($validations, 0, 5)), gettext("Item in use by"));
         }
+
+        if ($node != null && (string)$node->mode == 'carp') {
+            foreach ($this->getModel()->vip->iterateItems() as $vip) {
+                if ((string)$vip->mode == 'ipalias' && (string)$vip->vhid == (string)$node->vhid) {
+                    $vhid = (string)$node->vhid;
+                    throw new UserException(sprintf(
+                        gettext("Cannot delete CARP Virtual IP, IP Alias with VHID Group %s still exists."), $vhid),
+                        gettext("Error"));
+                }
+            }
+        }
+
         $response = $this->delBase("vip", $uuid);
         if (($response['result'] ?? '') == 'deleted') {
             $addr = (string)$node->subnet;