From 293d4b73a1ac96d0707b4c9f4856cd6da67847d1 Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Mon, 15 Jun 2026 10:08:24 +0200
Subject: [PATCH] core: implement gateway validation for DHCP and static
 networks (#15107)

---
 misc/build.func | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/misc/build.func b/misc/build.func
index c16d8a17f..2dc50db78 100644
--- a/misc/build.func
+++ b/misc/build.func
@@ -979,6 +979,20 @@ base_settings() {
 
   IPV6_METHOD=${var_ipv6_method:-"none"}
   GATE=${var_gateway:-""}
+
+  # Guard against invalid gateway combinations from defaults/app vars:
+  # - DHCP must not force a static gateway
+  # - Static IPv4 must use a gateway in the same subnet
+  if [[ "$NET" == "dhcp" && -n "$GATE" ]]; then
+    msg_warn "Ignoring var_gateway '$GATE' because var_net is 'dhcp'"
+    GATE=""
+  elif [[ "$NET" != "dhcp" && -n "$GATE" ]]; then
+    if ! validate_gateway_in_subnet "$NET" "$GATE"; then
+      msg_warn "Ignoring var_gateway '$GATE' because it is not in subnet of var_net '$NET'"
+      GATE=""
+    fi
+  fi
+
   APT_CACHER=${var_apt_cacher:-""}
   APT_CACHER_IP=${var_apt_cacher_ip:-""}