#!/bin/bash # Copyright (C) 2010-2023 Pädagogisches Landesinstitut Rheinland-Pfalz # Copyright (C) 2022-2023 Mike Gabriel # Copyright (C) 2022-2023 Daniel Teichmann # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the # Free Software Foundation, Inc., # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. set -e . /usr/share/debconf/confmodule || exit 255 # Load common functions, variables and stuff. if [ -s "/usr/share/debian-edu-router-config/debian-edu-router-config.common" ]; then source /usr/share/debian-edu-router-config/debian-edu-router-config.common else exit 0; fi function get_non_d_e_r_ifaces() { ifaces_dir="/etc/network/interfaces.d" # Find all files *not* managed by d-e-r readarray -d '' not_d_e_r_files < <(find "$ifaces_dir" -type f -not -name "??_d-e-r_*" -print0) # Add /etc/network/interfaces not_d_e_r_files+=(/etc/network/interfaces) if [ -n "${not_d_e_r_files[*]}" ]; then # Find all interfaces configured in those files (except if commented out) echo `cat "${not_d_e_r_files[@]}" | grep -P '^(?=[\s]*+[^#])[^#]*(iface)' | grep -v "iface lo" | awk '{print $2}'` fi } # $1: The state you want. Options: # - 'online' or '1' # - 'offline' or '0' # $@: All the ifaces in a space-separated list # Returns $_return_ifaces: All interfaces with desired online status seperated # by spaces. function filter_ifaces_by_online_status() { _ifaces_connected=(${@:2}) if [ "$1" == "online" ]; then desired_state="1" elif [ "$1" == "offline" ]; then desired_state="0" elif [ "$1" == "1" ]; then desired_state="1" elif [ "$1" == "0" ]; then desired_state="0" else error_log "filter_ifaces_by_online_status(): Desired state '$1' is not" \ "supported." exit 1 fi for iface in ${_ifaces_connected[@]}; do if [[ -z "$(ip link show dev "$iface" up)" ]]; then ip link set dev "$iface" up was_down=true debug_log_stderr "$iface: Waiting for iface to get up." while [[ -z "$(ip link show dev "$iface" up)" ]]; do sleep 0.1s done fi carrier="$(cat /sys/class/net/"$iface"/carrier)" if [[ "$carrier" -eq "$desired_state" ]] ; then _return_ifaces+=("$iface") fi if [[ "$carrier" -eq 1 ]] ; then debug_log_stderr "O - Interface '$iface' has a network cable attached." else debug_log_stderr "X - Interface '$iface' doesn't have a network cable attached." fi if [ "$was_down" == true ]; then ip link set dev "$iface" down was_down=false debug_log_stderr " - Also interface '$iface' is down.\n" fi done } # # Input: none # Output: none # function set_all_available_ifaces_up() { ifaces_manually_configured=($(get_non_d_e_r_ifaces)) if [ -z "${TEST_MODE}" ]; then ifaces_connected=($(ip a | grep -E "^[0-9]+:.*" | awk '{ print $2 }' | sed -e "s/:.*//" \ | grep -v "@" | grep -v -E '(lo|tun[0-9]+|vnet[0-9]+|virbr[0-9]+|lxcbr[0-9]+|docker[0-9]+|br-[a-f0-9]{12})' \ | tr '\n' ' ')) # Filter out manually configured ifaces. for i in "${ifaces_manually_configured[@]}"; do ifaces_connected=(${ifaces_connected[@]/$i/}) done for iface in "${ifaces_connected[@]}"; do if [[ -z "$(ip link show dev "$iface" up)" ]]; then ip link set dev "$iface" up warning_log_stderr "Raising network interface '$iface'." while [[ -z "$(ip link show dev "$iface" up)" ]]; do sleep 0.1s done fi done fi } # # Input: none # Output: comma-separated list of all available interfaces (with a cable connected). # TODO: Extract ifaces_connected part into own function in commons file. # Then update set_all_available_ifaces_up and available_network_interfaces_offline too. # function available_network_interfaces_online() { ifaces_manually_configured=($(get_non_d_e_r_ifaces)) if [ -z "${TEST_MODE}" ]; then ifaces_connected=($(ip a | grep -E "^[0-9]+:.*" | awk '{ print $2 }' | sed -e "s/:.*//" \ | grep -v "@" | grep -v -E '(lo|tun[0-9]+|vnet[0-9]+|virbr[0-9]+|lxcbr[0-9]+|docker[0-9]+|br-[a-f0-9]{12})' \ | tr '\n' ' ')) # Filter out manually configured ifaces. for i in "${ifaces_manually_configured[@]}"; do ifaces_connected=(${ifaces_connected[@]/$i/}) done # Now filter out ifaces which are not ONLINE declare -a _return_ifaces filter_ifaces_by_online_status "online" "${ifaces_connected[@]}" ifaces_connected=(${_return_ifaces[@]}"") debug_log_stderr "Following ifaces are online right now: '${ifaces_connected[@]}'." echo "${ifaces_connected[@]}" | sed -e 's| $||' -e 's| |, |g' else echo "eth0, eth2, eth3, eth5, eth6, eth7, eth9" fi } function available_network_interfaces_offline() { ifaces_manually_configured=($(get_non_d_e_r_ifaces)) if [ -z "${TEST_MODE}" ]; then ifaces_connected=($(ip a | grep -E "^[0-9]+:.*" | awk '{ print $2 }' | sed -e "s/:.*//" | grep -v "@" \ | grep -v -E '(lo|tun[0-9]+|vnet[0-9]+|virbr[0-9]+|lxcbr[0-9]+|docker[0-9]+|br-[a-f0-9]{12})' \ | tr '\n' ' ')) # Filter out manually configured ifaces. for i in "${ifaces_manually_configured[@]}"; do ifaces_connected=(${ifaces_connected[@]/$i/}) done echo "${ifaces_connected[@]}" | sed -e 's| $||' -e 's| |, |g' else echo "eth0, eth1, eth2, eth3, eth4, eth5, eth6, eth7, eth8, eth9" fi } function available_network_interfaces_description_extended() { field="ID_MODEL_FROM_DATABASE" ifaces_connected=$(echo ${@} | sed -e "s/, / /g") for iface in ${ifaces_connected}; do if [ -n "${TEST_MODE}" ]; then echo "${iface} - Network test adapter ${iface}" else iface_description=`udevadm info /sys/class/net/${iface} | grep "${field}" | sed -rn -e "s/^E: $field=(.+)/\1/p" | sed -e "s/ /_/g" || true` iface_macaddress=`ip addr show ${iface} | grep "link/ether" | grep -o -E ..:..:..:..:..:.. | head -1` echo "${iface} (${iface_macaddress}) - ${iface_description}" fi done } function bailout_on_too_many_failures() { if [ ${2} -ge ${3} ]; then error_log "Value for '${1}' has been answered insufficiently for too many (${3}) times." exit 1 fi } # prepare debconf export DC_PRIO_LOW="medium" export DC_PRIO_HIGH="high" db_version 2.0 db_capb backup escape # If we don't run this script for the first time, make sure we know what IP # proto versions are enabled for non-network configuration steps, what internal # networks are enabled and what internal networks have static IP address set. # # This is really important for cases where the sysadmin chooses to skip network # settings. We can't populate the IPV4 and IPV6 variables from within the while # loop, so let's preset these values in case networking set up gets skipped. # # Without these two lines, firewall and service configuration will not work # correctly and most debconf dialogs will be skipped. ipv4_enabled && IPV4=true ipv6_enabled && IPV6=true db_get debian-edu-router-config/net-int-supportednetworks supported_internal_networks="${RET}" db_get debian-edu-router-config/net-networks-staticip-v4 net_networks_staticip_v4="${RET}" db_get debian-edu-router-config/net-networks-staticip-v6 net_networks_staticip_v6="${RET}" if [ "${CONFIGURE_ONLY}" = "NETWORK_IFACE_ASSIGNMENTS" ]; then STATE=1 QCOUNT=23 elif [ "${CONFIGURE_ONLY}" = "NETWORK_ADDRESS_ASSIGNMENTS" ]; then STATE=23 QCOUNT=49 elif [ "${CONFIGURE_ONLY}" = "NETWORK_ALL" ]; then STATE=1 QCOUNT=49 elif [ "${CONFIGURE_ONLY}" = "FIREWALL_ALL" ]; then STATE=50 QCOUNT=55 elif [ "${CONFIGURE_ONLY}" = "SERVICES_ALL" ]; then STATE=56 QCOUNT=67 elif [ "${CONFIGURE_ONLY}" = "SERVICE_DHCP" ]; then STATE=56 QCOUNT=65 elif [ "${CONFIGURE_ONLY}" = "SERVICE_SSH" ]; then STATE=66 QCOUNT=66 elif [ "${CONFIGURE_ONLY}" = "NOT_IMPLEMENTED" ]; then STATE=67 QCOUNT=67 elif [ "${SKIP_DEBCONF_QUESTIONS_CONFIG}" == "1" ]; then STATE=999 QCOUNT=999 else STATE=0 # Include IP forwarding consent question (excluded above) QCOUNT=66 fi # Define a starting point that cannot be skipped by going back BACKSTOP=${STATE} if [ "$D_E_R_DEBUG" != "" ]; then echo -e "${green}debian-edu-router-config.config:${normal}" echo -e "${green}CONFIGURE_ONLY=${cyan}${CONFIGURE_ONLY}${normal}" echo -e "${green}STATE= ${cyan}${STATE}${normal}" echo -e "${green}QCOUNT= ${cyan}${QCOUNT}${normal}" echo -e "${green}BACKSTOP= ${cyan}${BACKSTOP}${normal}" fi # Failure counters: Some question don't allow empty input or similar. # We can't re-ask questions endlessly, but need to bail out at some point. FCOUNTER=0 # default behaviour should be that steps go UP rather than down. # we have this variable to track in which direction we are currently going # for example if the user wants to backup a step at step 17 # and step 16 should be skipped (for whatever reason) then we should move on # to step *15* instead of step 17! STATE_DIRECTION=1 # setup milestones # when configuring a new milestone, please test if backing up from that # milestone does work as expected! NETWORK_SETUP_QUESTION=1 NETWORK_SETUP_FIRST=2 NETWORK_SETUP_LAST=49 NETWORK_SETUP_SKIP_VLAN=15 # One step after last VLAN question. # set skip-networking flag to false at start db_set debian-edu-router-config/skip-networking-if-not-enough-ifaces-available false db_set debian-edu-router-config/skip-networking-if-not-enough-ifaces-non-configured false while [ ${STATE} -gt -1 ] && [ ${STATE} -le ${QCOUNT} ] && [ ${STATE} -ge ${BACKSTOP} ]; do debug_log "We are currently at step ${cyan}$STATE${normal}." # ask questions case "${STATE}" in 0) db_input ${DC_PRIO_HIGH} debian-edu-router-config/ip-forwarding-consent || true ;; 1) db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-setup-mode || true ;; 2) ### ### Network Interface Assignments ### if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then # Counts how many times the user has to click ok, while not # only Uplink is connected, to make d-e-r abort. NUM_TRIES_DISCONNECT_ALL_INTERFACES=3 nic_choices="" while [ -z "${nic_choices}" ]; do if [ $NUM_TRIES_DISCONNECT_ALL_INTERFACES -le 0 ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-failed-to-disconnect-all-interfaces || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi nic_choices="" break fi # Interfaces could be down. # For example because of power saving reasons. set_all_available_ifaces_up db_subst debian-edu-router-config/net-disconnect-all-interfaces num_tries $NUM_TRIES_DISCONNECT_ALL_INTERFACES db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-disconnect-all-interfaces || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi NUM_TRIES_DISCONNECT_ALL_INTERFACES=$(($NUM_TRIES_DISCONNECT_ALL_INTERFACES - 1)) if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) # Test if nic_choices contains multiple ifaces. if [ -n "$(echo "$nic_choices" | grep ",")" ]; then nic_choices="" fi else nic_choices="eth0" fi done # broken out of the while loop if [ -z "${nic_choices}" ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else db_subst debian-edu-router-config/net-ext-iface-uplink choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-ext-iface-uplink extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ext-iface-uplink || true fi ;; 3) db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-supportednetworks || true ;; 4) db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-with-vlans || true ;; 5) db_get debian-edu-router-config/net-int-with-vlans if [ "${RET}" = "false" ]; then # Prevent asking this question if vlans shouldn't be configured. STATE=$(($STATE + $STATE_DIRECTION)) continue fi if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-vlan || true db_go || true if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth1" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) db_subst debian-edu-router-config/net-int-iface-vlan choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-vlan extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-vlan || true fi ;; 6) db_get debian-edu-router-config/net-int-with-vlans if [ "${RET}" = "false" ]; then # Prevent asking this question if vlans shouldn't be configured. STATE=$(($STATE + $STATE_DIRECTION)) continue fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 3. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 3 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=3 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else db_subst debian-edu-router-config/net-int-supportednetworks-via-vlan choices "${supported_internal_networks}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-supportednetworks-via-vlan || true fi ;; 7) if echo "${supported_internal_networks_via_vlan}" | grep -q "OpenLAN" ; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-vlanid-openlan || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 8) if echo "${supported_internal_networks_via_vlan}" | grep -q "Education" ; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-vlanid-education || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 9) if echo "${supported_internal_networks_via_vlan}" | grep -q "Mgmt" ; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-vlanid-mgmt || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 10) if echo "${supported_internal_networks_via_vlan}" | grep -q "School-Administration" ; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-vlanid-schooladministration || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 11) if echo "${supported_internal_networks_via_vlan}" | grep -q "WiFi-Students" ; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-vlanid-wifistudents || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 12) if echo "${supported_internal_networks_via_vlan}" | grep -q "WiFi-Teachers" ; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-vlanid-wifiteachers || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 13) if echo "${supported_internal_networks_via_vlan}" | grep -q "WiFi-Guests" ; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-vlanid-wifiguests || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 14) if echo "${supported_internal_networks_via_vlan}" | grep -q "Printers" ; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-vlanid-printers || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 15) if echo "${supported_internal_networks}" | grep -q "OpenLAN" && \ ! echo "${supported_internal_networks_via_vlan}" | grep -q "OpenLAN"; then if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-openlan || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth2" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) if [ -z "${nic_choices}" ]; then # An empty choice is not acceptable here, tolerate re-trying 5 times FCOUNTER=$((${FCOUNTER}+1)) if [ "$FCOUNTER" -ge 5 ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi continue fi FCOUNTER=0 db_subst debian-edu-router-config/net-int-iface-openlan choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-openlan extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-openlan || true fi else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 16) if echo "${supported_internal_networks}" | grep -q "Education" && \ ! echo "${supported_internal_networks_via_vlan}" | grep -q "Education"; then if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-education || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth3" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-openlan ${nic_choices}) if [ -z "${nic_choices}" ]; then # An empty choice is not acceptable here, tolerate re-trying 5 times FCOUNTER=$((${FCOUNTER}+1)) if [ "$FCOUNTER" -ge 5 ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi continue fi FCOUNTER=0 db_subst debian-edu-router-config/net-int-iface-education choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-education extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-education || true fi else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 17) if echo "${supported_internal_networks}" | grep -q "Mgmt" && \ ! echo "${supported_internal_networks_via_vlan}" | grep -q "Mgmt"; then if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-mgmt || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth4" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-openlan ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-education ${nic_choices}) if [ -z "${nic_choices}" ]; then # An empty choice is not acceptable here, tolerate re-trying 5 times FCOUNTER=$((${FCOUNTER}+1)) if [ "$FCOUNTER" -ge 5 ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi continue fi FCOUNTER=0 db_subst debian-edu-router-config/net-int-iface-mgmt choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-mgmt extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-mgmt || true fi else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 18) if echo "${supported_internal_networks}" | grep -q "School-Administration" && \ ! echo "${supported_internal_networks_via_vlan}" | grep -q "School-Administration"; then if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-schooladministration || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth4" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-openlan ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-education ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-mgmt ${nic_choices}) if [ -z "${nic_choices}" ]; then # An empty choice is not acceptable here, tolerate re-trying 5 times FCOUNTER=$((${FCOUNTER}+1)) if [ "$FCOUNTER" -ge 5 ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi continue fi FCOUNTER=0 db_subst debian-edu-router-config/net-int-iface-schooladministration choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-schooladministration extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-schooladministration || true fi else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 19) if echo "${supported_internal_networks}" | grep -q "WiFi-Students" && \ ! echo "${supported_internal_networks_via_vlan}" | grep -q "WiFi-Students"; then if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-wifistudents || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth5" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-openlan ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-education ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-mgmt ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-schooladministration ${nic_choices}) if [ -z "${nic_choices}" ]; then # An empty choice is not acceptable here, tolerate re-trying 5 times FCOUNTER=$((${FCOUNTER}+1)) if [ "$FCOUNTER" -ge 5 ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi continue fi FCOUNTER=0 db_subst debian-edu-router-config/net-int-iface-wifistudents choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-wifistudents extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-wifistudents || true fi else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 20) if echo "${supported_internal_networks}" | grep -q "WiFi-Teachers" && \ ! echo "${supported_internal_networks_via_vlan}" | grep -q "WiFi-Teachers"; then if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-wifiteachers || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth6" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-openlan ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-education ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-mgmt ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-schooladministration ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifistudents ${nic_choices}) if [ -z "${nic_choices}" ]; then # An empty choice is not acceptable here, tolerate re-trying 5 times FCOUNTER=$((${FCOUNTER}+1)) if [ "$FCOUNTER" -ge 5 ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi continue fi FCOUNTER=0 db_subst debian-edu-router-config/net-int-iface-wifiteachers choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-wifiteachers extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-wifiteachers || true fi else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 21) if echo "${supported_internal_networks}" | grep -q "WiFi-Guests" && \ ! echo "${supported_internal_networks_via_vlan}" | grep -q "WiFi-Guests"; then if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-wifiguests || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth7" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-openlan ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-education ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-mgmt ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-schooladministration ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifistudents ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifiteachers ${nic_choices}) if [ -z "${nic_choices}" ]; then # An empty choice is not acceptable here, tolerate re-trying 5 times FCOUNTER=$((${FCOUNTER}+1)) if [ "$FCOUNTER" -ge 5 ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi continue fi FCOUNTER=0 db_subst debian-edu-router-config/net-int-iface-wifiguests choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-wifiguests extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-wifiguests || true fi else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 22) if echo "${supported_internal_networks}" | grep -q "Printers" && \ ! echo "${supported_internal_networks_via_vlan}" | grep -q "Printers"; then if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-connect-int-iface-printers || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi if [ -z "${TEST_MODE}" ]; then nic_choices=$(available_network_interfaces_online) else nic_choices="eth8" fi fi if [ $STATE_DIRECTION -eq -1 ]; then # This means the user backed up to this step but we need # data provided by step 1. # So we just bypass the db_go if-clause down below for one time # and simulate comming from step 1 so that data can be prepared # for this step. Finally we'll jump back to this step again. now_state="${STATE}" STATE=1 ORIGIN_STATE=${now_state} BYPASS_DB_GO=true debug_log "${green}Simulating step ${cyan}$STATE" \ "${green}to get data needed by step ${cyan}${now_state}${normal}" else nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-openlan ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-education ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-mgmt ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-schooladministration ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifistudents ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifiteachers ${nic_choices}) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifiguests ${nic_choices}) if [ -z "${nic_choices}" ]; then # An empty choice is not acceptable here, tolerate re-trying 5 times FCOUNTER=$((${FCOUNTER}+1)) if [ "$FCOUNTER" -ge 5 ]; then # Reset current d-e-r configuration progress. db_set debian-edu-router-config/net-setup-mode "" STATE="$NETWORK_SETUP_QUESTION" continue fi continue fi FCOUNTER=0 db_subst debian-edu-router-config/net-int-iface-printers choices "${nic_choices}" nic_choices_description_extended=$(available_network_interfaces_description_extended "${nic_choices}") db_subst debian-edu-router-config/net-int-iface-printers extended "$(echo -e "${nic_choices_description_extended}" | debconf-escape -e)" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-printers || true fi else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 23) # This questions sets $IPV4 & $IPV6. db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ip-versions-enabled || true ;; ### ### Network IPv4/IPv6 Addresses ### 24) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi db_subst debian-edu-router-config/net-networks-staticip-v4 choices "Uplink, ${supported_internal_networks}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-networks-staticip-v4 || true ;; 25) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi db_subst debian-edu-router-config/net-networks-dhcpclient-v4 choices "${net_networks_dhcpclient_v4}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-networks-dhcpclient-v4 || true ;; 26) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi db_subst debian-edu-router-config/net-networks-staticip-v6 choices "Uplink, ${supported_internal_networks}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-networks-staticip-v6 || true ;; 27) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi db_subst debian-edu-router-config/net-networks-auto-v6 choices "${net_networks_auto_v6}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-networks-auto-v6 || true ;; 28) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi db_subst debian-edu-router-config/net-networks-dhcpclient-v6 choices "${net_networks_dhcpclient_v6}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-networks-dhcpclient-v6 || true ;; 29) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "Uplink"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ext-address-v4-uplink || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 30) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "Uplink"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ext-address-v6-uplink || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 31) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "Uplink"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ext-gateway-v4-uplink || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 32) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "Uplink"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ext-gateway-v6-uplink || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 33) db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ext-nameservers-uplink || true ;; 34) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "OpenLAN"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v4-openlan || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 35) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "OpenLAN"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v6-openlan || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 36) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "Education"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v4-education || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 37) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "Education"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v6-education || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 38) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "Mgmt"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v4-mgmt || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 39) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "Mgmt"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v6-mgmt || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 40) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "School-Administration"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v4-schooladministration || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 41) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "School-Administration"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v6-schooladministration || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 42) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "WiFi-Students"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v4-wifistudents || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 43) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "WiFi-Students"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v6-wifistudents || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 44) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "WiFi-Teachers"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v4-wifiteachers || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 45) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "WiFi-Teachers"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v6-wifiteachers || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 46) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "WiFi-Guests"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v4-wifiguests || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 47) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "WiFi-Guests"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v6-wifiguests || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 48) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v4}" | grep -q "Printers"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v4-printers || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 49) # Special case: User backed up after skipping network setup. if [[ -n "$USER_SKIPPED_NETWORK_SETUP" ]]; then # We are going to $NETWORK_SETUP_QUESTION - 1 because # STATE control goes directly to $NETWORK_SETUP_QUESTION + 1 # This causes a bug if one has failed STEP-BY-STEP setup, # was sent to the network-setup question again, skipped # network-setup and then backed up again. STATE="$(($NETWORK_SETUP_QUESTION - 1))"; STATE_DIRECTION=1 fi if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${net_networks_staticip_v6}" | grep -q "Printers"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-address-v6-printers || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; ### Firewall 50) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi # start with all networks service_firewall_networks_nat="${supported_internal_networks}" db_subst debian-edu-router-config/service-firewall-networks-nat choices "${service_firewall_networks_nat}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-networks-nat || true ;; 51) db_subst debian-edu-router-config/service-firewall-networks-routed choices "${service_firewall_networks_routed}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-networks-routed || true ;; 52) service_firewall_networks_allow_internet="${supported_internal_networks}" db_subst debian-edu-router-config/service-firewall-networks-allow-internet choices "${service_firewall_networks_allow_internet}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-networks-allow-internet || true ;; 53) # Suitable for both IPv4 and IPv6 db_get debian-edu-router-config/service-firewall-networks-allow-internet service_firewall_networks_allow_internet="${RET}" compare_comma_separated_items "${supported_internal_networks}" "${service_firewall_networks_allow_internet}" unequal_items="${RES}" if [ -z "${unequal_items}" ]; then # If all networks are allowed to have direct internet access # anyway, then don't bother to ask this question. STATE=$(($STATE + $STATE_DIRECTION)); debug_log "All supported networks have direct internet access, $( )skipping trustworthy IPs/networks step…" continue; fi db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-trustworthy-ips || true ;; 54) # Reverse NAT: This question is IPv4 only if [ "$IPV4" != true ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-reverse-nat-configs || true ;; 55) # Incoming SSH connections db_subst debian-edu-router-config/service-firewall-ssh-incoming choices "Uplink, ${supported_internal_networks}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-ssh-incoming || true ;; ### ### SERVICES: ### ### Service: DHCP 56) if [ "$IPV4" != true ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi # start with networks that have a static IPv4 address on this host (except Uplink network) service_dhcp_networks_v4="$(echo ${net_networks_staticip_v4} | sed -e 's/Uplink, //g')" db_subst debian-edu-router-config/service-dhcp-networks-v4 choices "${service_dhcp_networks_v4}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-networks-v4 || true ;; 57) if [ "${IPV6}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi # start with networks that have a static IPv6 address on this host (except Uplink network) service_dhcp_networks_v6="$(echo ${net_networks_staticip_v6} | sed -e 's/Uplink, //g')" db_subst debian-edu-router-config/service-dhcp-networks-v6 choices "${service_dhcp_networks_v6}" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-networks-v6 || true ;; 58) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${service_dhcp_networks_v4}" | grep -q "OpenLAN"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-range-v4-openlan || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 59) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${service_dhcp_networks_v4}" | grep -q "Education"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-range-v4-education || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 60) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${service_dhcp_networks_v4}" | grep -q "Mgmt"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-range-v4-mgmt || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 61) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${service_dhcp_networks_v4}" | grep -q "School-Administration"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-range-v4-schooladministration || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 62) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${service_dhcp_networks_v4}" | grep -q "WiFi-Students"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-range-v4-wifistudents || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 63) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${service_dhcp_networks_v4}" | grep -q "WiFi-Teachers"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-range-v4-wifiteachers || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 64) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${service_dhcp_networks_v4}" | grep -q "WiFi-Guests"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-range-v4-wifiguests || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; 65) if [ "${IPV4}" != "true" ]; then STATE=$(($STATE + $STATE_DIRECTION)); continue; fi if echo "${service_dhcp_networks_v4}" | grep -q "Printers"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-dhcp-range-v4-printers || true else STATE=$(($STATE + $STATE_DIRECTION)) continue fi ;; # # SSH # 66) # Asking port for SSH services db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-ssh-custom-port || true ;; ### END OF SERVICES # not implemented yet... 67) db_input ${DC_PRIO_HIGH} debian-edu-router-config/not-implemented-yet || true ;; 999) ;; *) echo "Unknown state ${STATE}!"; exit 255 ;; esac if db_go || [ "$BYPASS_DB_GO" == true ]; then # evaluate answers case "${STATE}" in 0) db_get debian-edu-router-config/ip-forwarding-consent if [ "${RET}" != "Yes" ]; then echo "Aborting configuration of Debian Edu Router as requested." exit 1 fi ;; 1) USER_SKIPPED_NETWORK_SETUP="" db_get debian-edu-router-config/net-setup-mode net_setup_mode=$(echo "${RET}" | cut -d" " -f1) if [ "${net_setup_mode}" == "" ] || \ [ "${net_setup_mode}" == "SKIP-NETWORK-SETUP" ]; then STATE=$((${NETWORK_SETUP_LAST} + 1)) USER_SKIPPED_NETWORK_SETUP="true" continue else # detect network interfaces if [ "${net_setup_mode}" = "OFFLINE-SETUP" ]; then nic_choices=$(available_network_interfaces_offline) elif [ "${net_setup_mode}" = "ALL-CONNECTED" ]; then nic_choices=$(available_network_interfaces_online) elif [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then # delay checking number of online interfaces # be content with offline interfaces for now nic_choices=$(available_network_interfaces_offline) fi fi # we need at least two network interfaces if ! echo "${nic_choices}" | grep -q ", "; then db_set debian-edu-router-config/skip-networking-if-not-enough-ifaces-available true db_set debian-edu-router-config/skip-networking-if-not-enough-ifaces-non-configured true # skip network setup, not enough interfaces available non_d_e_r_ifaces=`get_non_d_e_r_ifaces` if [ -n "${non_d_e_r_ifaces}" ]; then db_subst debian-edu-router-config/skip-networking-if-not-enough-ifaces-non-configured non_d_e_r_ifaces "$(echo ${non_d_e_r_ifaces} | tr ' ' '\n' | debconf-escape -e)" db_input $DC_PRIO_HIGH debian-edu-router-config/skip-networking-if-not-enough-ifaces-non-configured || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi db_get debian-edu-router-config/skip-networking-if-not-enough-ifaces-non-configured else db_input $DC_PRIO_HIGH debian-edu-router-config/skip-networking-if-not-enough-ifaces-available || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi db_get debian-edu-router-config/skip-networking-if-not-enough-ifaces-available fi if [ "${RET}" = false ]; then STATE=1 continue else STATE=999 fi fi ;; 2) nic_choices=$(filter_iface debian-edu-router-config/net-ext-iface-uplink ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-ext-iface-uplink uplink_iface="${RET}" db_subst debian-edu-router-config/net-ext-iface-uplink-assigned iface "$uplink_iface" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ext-iface-uplink-assigned || true db_go || true fi ;; 3) db_get debian-edu-router-config/net-int-supportednetworks if [ -z "${RET}" ]; then # An empty choice is not acceptable here, tolerate re-asking 5 times FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-supportednetworks ${FCOUNTER} 5 # Simply re-ask the question for supported internal network types continue fi supported_internal_networks="${RET}" FCOUNTER=0 ;; 4) db_get debian-edu-router-config/net-int-with-vlans if [ "${RET}" = "false" ]; then STATE=$((${NETWORK_SETUP_SKIP_VLAN}-1)) fi ;; 5) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-vlan ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_subst debian-edu-router-config/net-int-iface-vlan-assigned iface "${RET}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-vlan-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 6) db_get debian-edu-router-config/net-int-supportednetworks-via-vlan if [ -z "${RET}" ]; then # An empty choice is not acceptable here, tolerate re-asking 5 times FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-supportednetworks-via-vlan ${FCOUNTER} 5 # Simply re-ask the question for supported internal network # types via VLAN. continue fi supported_internal_networks_via_vlan="${RET}" FCOUNTER=0 # # FIXME: find a good if-clause condition for this # # FIXME: Update this with debian-edu-router-config/skip-networking-if-not-enough-ifaces-non-configured # if [ not enough network interfaces for the number of networks ]; then # db_set debian-edu-router-config/skip-networking-if-not-enough-ifaces-available true # # skip network setup, not enough interfaces available # db_input $DC_PRIO_HIGH debian-edu-router-config/skip-networking-if-not-enough-ifaces-available || true # db_go # db_get debian-edu-router-config/skip-networking-if-not-enough-ifaces-available # if [ "${RET}" = false ]; then # STATE=1 # continue # else # STATE=999 # fi # fi ;; 7) db_get debian-edu-router-config/net-int-vlanid-openlan _vlanid=$(echo ${RET} | sed -e "s/\s//g") if ! is_vlanid ${_vlanid}; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-vlanid-openlan ${FCOUNTER} 5 continue fi FCOUNTER=0 ;; 8) db_get debian-edu-router-config/net-int-vlanid-education _vlanid=$(echo ${RET} | sed -e "s/\s//g") if ! is_vlanid ${_vlanid}; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-vlanid-education ${FCOUNTER} 5 continue fi FCOUNTER=0 ;; 9) db_get debian-edu-router-config/net-int-vlanid-mgmt _vlanid=$(echo ${RET} | sed -e "s/\s//g") if ! is_vlanid ${_vlanid}; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-vlanid-mgmt ${FCOUNTER} 5 continue fi FCOUNTER=0 ;; 10) db_get debian-edu-router-config/net-int-vlanid-schooladministration _vlanid=$(echo ${RET} | sed -e "s/\s//g") if ! is_vlanid ${_vlanid}; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-vlanid-schooladministration ${FCOUNTER} 5 continue fi FCOUNTER=0 ;; 11) db_get debian-edu-router-config/net-int-vlanid-wifistudents _vlanid=$(echo ${RET} | sed -e "s/\s//g") if ! is_vlanid ${_vlanid}; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-vlanid-wifistudents ${FCOUNTER} 5 continue fi FCOUNTER=0 ;; 12) db_get debian-edu-router-config/net-int-vlanid-wifiteachers _vlanid=$(echo ${RET} | sed -e "s/\s//g") if ! is_vlanid ${_vlanid}; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-vlanid-wifiteachers ${FCOUNTER} 5 continue fi FCOUNTER=0 ;; 13) db_get debian-edu-router-config/net-int-vlanid-wifiguests _vlanid=$(echo ${RET} | sed -e "s/\s//g") if ! is_vlanid ${_vlanid}; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-vlanid-wifiguests ${FCOUNTER} 5 continue fi FCOUNTER=0 ;; 14) db_get debian-edu-router-config/net-int-vlanid-printers _vlanid=$(echo ${RET} | sed -e "s/\s//g") if ! is_vlanid ${_vlanid}; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-int-vlanid-printers ${FCOUNTER} 5 continue fi FCOUNTER=0 ;; 15) # if we reach here, network setup is obviously possible, enough interfaces have been found db_set debian-edu-router-config/skip-networking-if-not-enough-ifaces-available false db_set debian-edu-router-config/skip-networking-if-not-enough-ifaces-non-configured false nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-openlan ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-int-iface-openlan openlan_iface="${RET}" db_subst debian-edu-router-config/net-int-iface-openlan-assigned iface "${openlan_iface}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-openlan-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 16) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-education ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-int-iface-education education_iface="${RET}" db_subst debian-edu-router-config/net-int-iface-education-assigned iface "${education_iface}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-education-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 17) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-mgmt ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-int-iface-mgmt mgmt_iface="${RET}" db_subst debian-edu-router-config/net-int-iface-mgmt-assigned iface "${mgmt_iface}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-mgmt-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 18) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-schooladministration ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-int-iface-schooladministration schooladministration_iface="${RET}" db_subst debian-edu-router-config/net-int-iface-schooladministration-assigned iface "${schooladministration_iface}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-schooladministration-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 19) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifistudents ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-int-iface-wifistudents wifistudents_iface="${RET}" db_subst debian-edu-router-config/net-int-iface-wifistudents-assigned iface "${wifistudents_iface}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-wifistudents-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 20) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifiteachers ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-int-iface-wifiteachers wifiteachers_iface="${RET}" db_subst debian-edu-router-config/net-int-iface-wifiteachers-assigned iface "${wifiteachers_iface}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-wifiteachers-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 21) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-wifiguests ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-int-iface-wifiguests wifiguests_iface="${RET}" db_subst debian-edu-router-config/net-int-iface-wifiguests-assigned iface "${wifiguests_iface}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-wifiguests-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 22) nic_choices=$(filter_iface debian-edu-router-config/net-int-iface-printers ${nic_choices}) if [ "${net_setup_mode}" = "STEP-BY-STEP" ]; then db_get debian-edu-router-config/net-int-iface-printers printers_iface="${RET}" db_subst debian-edu-router-config/net-int-iface-printers-assigned iface "${printers_iface}" || true db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-int-iface-printers-assigned || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi fi ;; 23) db_get debian-edu-router-config/net-ip-versions-enabled if [ -z "${RET}" ]; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-ip-versions-enabled ${FCOUNTER} 5 continue fi FCOUNTER=0 IPV4=false IPV6=false for version in $(echo "${RET}" | sed -e 's/,//g'); do if [ "$version" == "IPv4" ]; then IPV4=true elif [ "$version" == "IPv6" ]; then IPV6=true else echo "debian-edu-router-config.config: IP version '$version' is not supported." exit 1 fi done ;; ### ### Network IPv4/IPv6 Addresses ### 24) db_get debian-edu-router-config/net-networks-staticip-v4 net_networks_staticip_v4="${RET}" net_networks_dhcpclient_v4="Uplink, ${supported_internal_networks}" for network in $(echo "${net_networks_staticip_v4}" | sed -e 's/,//g'); do net_networks_dhcpclient_v4=`echo ${net_networks_dhcpclient_v4} | sed -Ee "s/(${network}, |, ${network}|${network})//g"` done ;; 25) db_get debian-edu-router-config/net-networks-dhcpclient-v4 net_networks_dhcpclient_v4="${RET}" net_networks_manual_v4="Uplink, ${supported_internal_networks}" for network in $(echo "${net_networks_staticip_v4}, ${net_networks_dhcpclient_v4}" | sed -e 's/,//g'); do net_networks_manual_v4=`echo ${net_networks_manual_v4} | sed -Ee "s/(${network}, |, ${network}|${network})//g"` done db_subst debian-edu-router-config/net-networks-manual-v4 choices "${net_networks_manual_v4}" db_set debian-edu-router-config/net-networks-manual-v4 "${net_networks_manual_v4}" db_fset debian-edu-router-config/net-networks-manual-v4 seen true ;; 26) db_get debian-edu-router-config/net-networks-staticip-v6 net_networks_staticip_v6="${RET}" net_networks_auto_v6="Uplink, ${supported_internal_networks}" for network in $(echo "${net_networks_staticip_v6}" | sed -e 's/,//g'); do net_networks_auto_v6=`echo ${net_networks_auto_v6} | sed -Ee "s/(${network}, |, ${network}|${network})//g"` done ;; 27) db_get debian-edu-router-config/net-networks-auto-v6 net_networks_auto_v6="${RET}" net_networks_manual_v6="Uplink, ${supported_internal_networks}" for network in $(echo "${net_networks_staticip_v4}, ${net_networks_auto_v6}" | sed -e 's/,//g'); do net_networks_manual_v6=`echo ${net_networks_manual_v6} | sed -Ee "s/(${network}, |, ${network}|${network})//g"` done db_subst debian-edu-router-config/net-networks-manual-v6 choices "${net_networks_manual_v6}" db_set debian-edu-router-config/net-networks-manual-v6 "${net_networks_manual_v6}" db_fset debian-edu-router-config/net-networks-manual-v6 seen true # interfaces that are candidates for IPv6 router advertisement are also candidates for DHCPv6 net_networks_dhcpclient_v6="${net_networks_auto_v6}" ;; 28) ;; ### ### Service to Network Assignments ### 29) if echo "${net_networks_staticip_v4}" | grep -q "Uplink"; then db_get debian-edu-router-config/net-ext-address-v4-uplink || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 30) if echo "${net_networks_staticip_v6}" | grep -q "Uplink"; then db_get debian-edu-router-config/net-ext-address-v6-uplink || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 31) if echo "${net_networks_staticip_v4}" | grep -q "Uplink"; then db_get debian-edu-router-config/net-ext-gateway-v4-uplink || true if ! is_address_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 32) # Check whether an IPv6 network address has been configured for the 'Uplink' interface. # And only if so, ask for an IPv6 gateway adress. db_get debian-edu-router-config/net-ext-address-v6-uplink || true if echo "${net_networks_staticip_v6}" | grep -q "Uplink" && [ -n "${RET}" ]; then db_get debian-edu-router-config/net-ext-gateway-v6-uplink || true if ! is_address_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 33) db_get debian-edu-router-config/net-networks-staticip-v4 networks_static_v4="${RET}" if [ "$IPV4" == true ] && [ -n "$(echo "${networks_static_v4}" | grep Uplink)" ]; then needs_ipv4_nameserver_address=true debug_log "An external IPv4 nameserver must be specified since Uplink NIC is configured statically." else needs_ipv4_nameserver_address=false fi db_get debian-edu-router-config/net-networks-staticip-v6 networks_static_v6="${RET}" if [ "$IPV6" == true ] && [ -n "$(echo "${networks_static_v6}" | grep Uplink)" ]; then needs_ipv6_nameserver_address=true debug_log "An external IPv6 nameserver must be specified since Uplink NIC is configured statically." else needs_ipv6_nameserver_address=false fi db_get debian-edu-router-config/net-ext-nameservers-uplink || true dns_nameservers="$(echo ${RET} | sed -E -e "s/,/ /g" -e "s/\s+/ /g")" if [ -z "${dns_nameservers}" ]; then # Only absolutely require external nameservers, if 'Uplink' is configured statically, # IPv4 nameservers can answer queries for IPv6 addresses and vice versa. So, in theory, # it is sufficient to configure one nameserver IP. if [ "$needs_ipv4_nameserver_address" == true ] || [ "$needs_ipv6_nameserver_address" == true ]; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-ext-nameservers-uplink-required || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi warning_log "An external nameserver must be specified since Uplink is configured statically!" FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-ext-nameservers-uplink ${FCOUNTER} 5 continue fi fi invalid_nameserver=false # Check for invalid entries for dns_addr in ${dns_nameservers}; do if [ "$IPV4" == true ] && is_address_v4 "${dns_addr}"; then # Alright, address looks good. Check next one. debug_log "IPv4 nameserver address '$dns_addr' could be verified." continue elif [ "$IPV6" == true ] && is_address_v6 "${dns_addr}"; then # Alright, address looks good. Check next one. debug_log "IPv6 nameserver address '$dns_addr' could be verified." continue fi warning_log "Nameserver address '$dns_addr' is *not* valid!" db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-nameserver || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi invalid_nameserver=true FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/net-ext-nameservers-uplink ${FCOUNTER} 5 break done # Let the user retry if invalid entry was found. if [ "${invalid_nameserver}" == true ]; then continue fi FCOUNTER=0 ;; 34) if echo "${net_networks_staticip_v4}" | grep -q "OpenLAN"; then db_get debian-edu-router-config/net-int-address-v4-openlan || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 35) if echo "${net_networks_staticip_v6}" | grep -q "OpenLAN"; then db_get debian-edu-router-config/net-int-address-v6-openlan || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 36) if echo "${net_networks_staticip_v4}" | grep -q "Education"; then db_get debian-edu-router-config/net-int-address-v4-education || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 37) if echo "${net_networks_staticip_v6}" | grep -q "Education"; then db_get debian-edu-router-config/net-int-address-v6-education || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 38) if echo "${net_networks_staticip_v4}" | grep -q "Mgmt"; then db_get debian-edu-router-config/net-int-address-v4-mgmt || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 39) if echo "${net_networks_staticip_v6}" | grep -q "Mgmt"; then db_get debian-edu-router-config/net-int-address-v6-mgmt || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 40) if echo "${net_networks_staticip_v4}" | grep -q "School-Administration"; then db_get debian-edu-router-config/net-int-address-v4-schooladministration || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 41) if echo "${net_networks_staticip_v6}" | grep -q "School-Administration"; then db_get debian-edu-router-config/net-int-address-v6-schooladministration || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 42) if echo "${net_networks_staticip_v4}" | grep -q "WiFi-Students"; then db_get debian-edu-router-config/net-int-address-v4-wifistudents || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 43) if echo "${net_networks_staticip_v6}" | grep -q "WiFi-Students"; then db_get debian-edu-router-config/net-int-address-v6-wifistudents || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 44) if echo "${net_networks_staticip_v4}" | grep -q "WiFi-Teachers"; then db_get debian-edu-router-config/net-int-address-v4-wifiteachers || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 45) if echo "${net_networks_staticip_v6}" | grep -q "WiFi-Teachers"; then db_get debian-edu-router-config/net-int-address-v6-wifiteachers || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 46) if echo "${net_networks_staticip_v4}" | grep -q "WiFi-Guests"; then db_get debian-edu-router-config/net-int-address-v4-wifiguests || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 47) if echo "${net_networks_staticip_v6}" | grep -q "WiFi-Guests"; then db_get debian-edu-router-config/net-int-address-v6-wifiguests || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 48) if echo "${net_networks_staticip_v4}" | grep -q "Printers"; then db_get debian-edu-router-config/net-int-address-v4-printers || true if ! is_valid_ipconfig_v4 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv4 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; 49) if echo "${net_networks_staticip_v6}" | grep -q "Printers"; then db_get debian-edu-router-config/net-int-address-v6-printers || true # an IPv6 address is optional, so it can be left empty if [ -n "${RET}" ] && ! is_valid_ipconfig_v6 "${RET}"; then db_input ${DC_PRIO_HIGH} debian-edu-router-config/net-syntax-invalid-ipv6 || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi fi ;; ### Firewall 50) db_get debian-edu-router-config/service-firewall-networks-nat || true service_firewall_networks_nat="${RET}" service_firewall_networks_routed="${supported_internal_networks}" for network in $(echo "${service_firewall_networks_nat}" | sed -e 's/,//g'); do service_firewall_networks_routed=`echo ${service_firewall_networks_routed} | sed -Ee "s/(${network}, |, ${network}|${network})//g"` done ;; 51) db_get debian-edu-router-config/service-firewall-networks-routed || true service_firewall_networks_routed="${RET}" service_firewall_networks_hostonly="${supported_internal_networks}" for network in $(echo "${service_firewall_networks_nat}, ${service_firewall_networks_routed}" | sed -e 's/,//g'); do service_firewall_networks_hostonly=`echo ${service_firewall_networks_hostonly} | sed -Ee "s/(${network}, |, ${network}|${network})//g"` done db_subst debian-edu-router-config/service-firewall-networks-hostonly choices "${service_firewall_networks_hostonly}" db_set debian-edu-router-config/service-firewall-networks-hostonly "${service_firewall_networks_hostonly}" ;; 52) db_get debian-edu-router-config/service-firewall-networks-allow-internet || true service_firewall_networks_allow_internet="${RET}" service_firewall_networks_block_internet="${supported_internal_networks}" for network in $(echo "${service_firewall_networks_allow_internet}" | sed -e 's/,//g'); do service_firewall_networks_block_internet=`echo ${service_firewall_networks_block_internet} | sed -Ee "s/(${network}, |, ${network}|${network})//g"` done db_subst debian-edu-router-config/service-firewall-networks-block-internet choices "${service_firewall_networks_block_internet}" db_set debian-edu-router-config/service-firewall-networks-block-internet "${service_firewall_networks_block_internet}" ;; 53) # Check if debian-edu-router-config/service-firewall-trustworthy-ips # is valid db_get debian-edu-router-config/service-firewall-trustworthy-ips if [[ -n "${RET}" ]]; then declare -a trustworthy_ips=(${RET}) # Collect all internal addresses/networks declare -A internal_networks get_internal_networks # debug_log "Internal networks found for trustworthy " \ # "addresses/networks validation:" # for _i_n_name in "${!internal_networks[@]}"; do # debug_log " - $_i_n_name:\t${internal_networks[$_i_n_name]}" # done failure_in_for_loop="" for item in "${trustworthy_ips[@]}"; do item_ip_version="" # Could be a network or an address. So let's figure out what # it is. We could generally say everything containing a '/' # should be consired as a network. if [[ "$item" == *"/"* ]]; then if [ "${IPV4}" == "true" ]; then is_valid_ipconfig_v4 "${item}" && item_ip_version="network_v4" fi if [ "${IPV6}" == "true" ]; then is_valid_ipconfig_v6 "${item}" && item_ip_version="network_v6" fi if ! [ "$item_ip_version" = "network_v4" ] && \ ! [ "$item_ip_version" = "network_v6" ]; then debug_log "${item}: Is *not* a valid IP network!" failure_in_for_loop="invalid_ip_network" break fi else if [ "${IPV4}" == "true" ]; then is_address_v4 "${item}" && item_ip_version="address_v4" fi if [ "${IPV6}" == "true" ]; then is_address_v6 "${item}" && item_ip_version="address_v6" fi if ! [ "$item_ip_version" = "address_v4" ] && \ ! [ "$item_ip_version" = "address_v6" ]; then debug_log "${item}: Is *not* a valid IP address!" failure_in_for_loop="invalid_ip_address" break fi fi matching_internal_network="" # For-loop in a for-loop is often not a good idea # but we don't have that many supported internal networks. for _i_n_name in "${!internal_networks[@]}"; do _internal_network="${internal_networks[$_i_n_name]}" if is_valid_ipconfig_v4 "$_internal_network"; then if [[ "$item_ip_version" =~ "_v4" ]]; then debug_log "Checking if IPv4 address/network '$item' is in network '$_internal_network'…" if is_ip4config_in_network "$item" "$_internal_network"; then debug_log "IPv4 address/network $item is in network '$_internal_network'!" matching_internal_network="$_internal_network" break fi fi elif is_valid_ipconfig_v6 "$_internal_network"; then if [[ "$item_ip_version" =~ "_v6" ]]; then debug_log "Checking if IPv6 address/network '$item' is in network '$_internal_network'…" # TODO: Create function is_ip6config_in_network debug_log "----- IPv6 matching is not yet implemented! -----" # if is_ip6config_in_network "$item" "$_internal_network"; then # debug_log "IPv6 address/network $item is in network '$_internal_network'!" # matching_internal_network="$_internal_network" # break # fi fi else echo "Found invalid internal network '$_internal_network'!" echo "This definitely shouldn't be possible. Aborting configuration now." echo "Run 'dpkg-configure debian-edu-router-config' from the" echo "command line and fix your configuration." exit 1 fi done if [[ -z "$matching_internal_network" ]]; then failure_in_for_loop="no_matching_internal_network" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-invalid-trustworthy-ips || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-firewall-trustworthy-ips ${FCOUNTER} 5 # Let the user try again STATE_DIRECTION=-1 STATE=$(($STATE + $STATE_DIRECTION)) break fi # Do not reset $FCOUNTER here. We want to reset it below. done # If an invalid IP address or network was specified. # Invalid means: Neither valid IPv4 nor valid IPv6 if [[ "$failure_in_for_loop" = "invalid_ip_"* ]]; then debug_log "Reason for retry: $failure_in_for_loop." reason_text="Unknown reason." case $failure_in_for_loop in "invalid_ip_"*) reason_text="A malformed IP/network was specified." ;; "no_matching_internal_network") reason_text="One of the specified IPs/networks is $( )not part of an internal network and can $( )therefore not be matched." ;; esac db_subst debian-edu-router-config/service-firewall-invalid-trustworthy-ips reason "$reason_text" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-invalid-trustworthy-ips || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-firewall-trustworthy-ips ${FCOUNTER} 5 # Let the user try again STATE_DIRECTION=-1 STATE=$(($STATE + $STATE_DIRECTION)) elif [[ "$failure_in_for_loop" != "no_matching_internal_network" ]]; then FCOUNTER=0 fi fi ;; 54) db_get debian-edu-router-config/service-firewall-reverse-nat-configs if [[ -n "${RET}" ]]; then declare -a reverse_nat_configs=(${RET}) db_get debian-edu-router-config/service-firewall-networks-nat || true service_firewall_networks_nat="${RET}" # Examples: # reverse_nat_configs=("tcp:200:10.0.2.2:22" "udp:25565:10.0.2.10:26000" # "udp:25565:10.0.2.10" "25565:10.0.2.10:26000" "25565:10.0.2.250") for item in "${reverse_nat_configs[@]}"; do parse_reverse_nat_config "$item" if [ -n "$failure_in_parsing" ]; then break else debug_log "Config item '$item' is valid." \ "Following things could be extracted:" debug_log " - Protocol: $rn_protocol" debug_log " - External port: $rn_extern_port" debug_log " - Host address: $rn_host_address" debug_log " - Host port: $rn_host_port" debug_log " - Internal network: $rn_matching_internal_network" fi done if [ -n "$failure_in_parsing" ]; then debug_log "Reason for retry: $failure_in_parsing." reason_text="Unknown reason." case $failure_in_parsing in "invalid_"*) reason_text="A malformed input was detected." ;; "no_matching_internal_network") reason_text="One of the specified host addresses $( )is not part of an internal network or the network $( )is not configured to be hidden behind a NAT." ;; esac db_subst debian-edu-router-config/service-firewall-invalid-reverse-nat-configs reason "$reason_text" db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-firewall-invalid-reverse-nat-configs || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-firewall-reverse-nat-configs ${FCOUNTER} 5 # Let the user try again STATE_DIRECTION=-1 STATE=$(($STATE + $STATE_DIRECTION)) else FCOUNTER=0 fi fi ;; 55) # nothing to do for SSH incoming firewall policy ;; ### ### SERVICES ### ### Service: DHCP 56) db_get debian-edu-router-config/service-dhcp-networks-v4 || true service_dhcp_networks_v4="${RET}" ;; 57) db_get debian-edu-router-config/service-dhcp-networks-v6 || true service_dhcp_networks_v6="${RET}" ;; 58) if echo "${service_dhcp_networks_v4}" | grep -q "OpenLAN"; then db_get debian-edu-router-config/service-dhcp-range-v4-openlan || true if ! is_valid_dhcp4_range "${RET}"; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-dhcp-range-v4-openlan ${FCOUNTER} 5 db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-syntax-invalid-dhcp-v4-range || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi FCOUNTER=0 # FIXME: further checks possible... # * start address lower than end address # * both addresses in same subnet # * check that both addresses are in iface's subnet # * etc. (?) fi ;; 59) if echo "${service_dhcp_networks_v4}" | grep -q "Education"; then db_get debian-edu-router-config/service-dhcp-range-v4-education || true if ! is_valid_dhcp4_range "${RET}"; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-dhcp-range-v4-education ${FCOUNTER} 5 db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-syntax-invalid-dhcp-v4-range || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi FCOUNTER=0 # FIXME: further checks possible... # * start address lower than end address # * both addresses in same subnet # * check that both addresses are in iface's subnet # * etc. (?) fi ;; 60) if echo "${service_dhcp_networks_v4}" | grep -q "Mgmt"; then db_get debian-edu-router-config/service-dhcp-range-v4-mgmt || true if ! is_valid_dhcp4_range "${RET}"; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-dhcp-range-v4-mgmt ${FCOUNTER} 5 db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-syntax-invalid-dhcp-v4-range || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi FCOUNTER=0 # FIXME: further checks possible... # * start address lower than end address # * both addresses in same subnet # * check that both addresses are in iface's subnet # * etc. (?) fi ;; 61) if echo "${service_dhcp_networks_v4}" | grep -q "School-Administration"; then db_get debian-edu-router-config/service-dhcp-range-v4-schooladministration || true if ! is_valid_dhcp4_range "${RET}"; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-dhcp-range-v4-schooladministration ${FCOUNTER} 5 db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-syntax-invalid-dhcp-v4-range || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi FCOUNTER=0 # FIXME: further checks possible... # * start address lower than end address # * both addresses in same subnet # * check that both addresses are in iface's subnet # * etc. (?) fi ;; 62) if echo "${service_dhcp_networks_v4}" | grep -q "WiFi-Students"; then db_get debian-edu-router-config/service-dhcp-range-v4-wifistudents || true if ! is_valid_dhcp4_range "${RET}"; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-dhcp-range-v4-wifistudents ${FCOUNTER} 5 db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-syntax-invalid-dhcp-v4-range || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi FCOUNTER=0 # FIXME: further checks possible... # * start address lower than end address # * both addresses in same subnet # * check that both addresses are in iface's subnet # * etc. (?) fi ;; 63) if echo "${service_dhcp_networks_v4}" | grep -q "WiFi-Teachers"; then db_get debian-edu-router-config/service-dhcp-range-v4-wifiteachers || true if ! is_valid_dhcp4_range "${RET}"; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-dhcp-range-v4-wifiteachers ${FCOUNTER} 5 db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-syntax-invalid-dhcp-v4-range || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi FCOUNTER=0 # FIXME: further checks possible... # * start address lower than end address # * both addresses in same subnet # * check that both addresses are in iface's subnet # * etc. (?) fi ;; 64) if echo "${service_dhcp_networks_v4}" | grep -q "WiFi-Guests"; then db_get debian-edu-router-config/service-dhcp-range-v4-wifiguests || true if ! is_valid_dhcp4_range "${RET}"; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-dhcp-range-v4-wifiguests ${FCOUNTER} 5 db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-syntax-invalid-dhcp-v4-range || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi FCOUNTER=0 # FIXME: further checks possible... # * start address lower than end address # * both addresses in same subnet # * check that both addresses are in iface's subnet # * etc. (?) fi ;; 65) if echo "${service_dhcp_networks_v4}" | grep -q "Printers"; then db_get debian-edu-router-config/service-dhcp-range-v4-printers || true if ! is_valid_dhcp4_range "${RET}"; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-dhcp-range-v4-printers ${FCOUNTER} 5 db_input ${DC_PRIO_HIGH} debian-edu-router-config/service-syntax-invalid-dhcp-v4-range || true if ! db_go; then debug_log "Ignoring backup/db_go-failure…" fi continue fi FCOUNTER=0 # FIXME: further checks possible... # * start address lower than end address # * both addresses in same subnet # * check that both addresses are in iface's subnet # * etc. (?) fi ;; # # SSH # 66) db_get debian-edu-router-config/service-ssh-custom-port || true service_ssh_custom_port="${RET}" if [ -n "$service_ssh_custom_port" ]; then re='^[0-9]+$' if ! [[ $service_ssh_custom_port =~ $re ]] ; then FCOUNTER=$((${FCOUNTER}+1)) bailout_on_too_many_failures debian-edu-router-config/service-ssh-custom-port ${FCOUNTER} 5 # Let the user try again STATE_DIRECTION=-1 STATE=$(($STATE + $STATE_DIRECTION)) else FCOUNTER=0 fi fi ;; ### END OF SERVICES # not implemented yet... 67) ;; esac # last question was ok, so go up. # except if we just simulated that step… if [ "$BYPASS_DB_GO" == true ]; then STATE_DIRECTION=1 STATE=$ORIGIN_STATE else STATE_DIRECTION=1 STATE=$(($STATE + $STATE_DIRECTION)) fi # reset. BYPASS_DB_GO=false else # last question was not ok (user wants to backup), so go *DOWN* a step. # and if the next step should be skipped, go down another step. # and if that step should also be skipped, go down another step. # and so on and so on… STATE_DIRECTION=-1 STATE=$(($STATE + $STATE_DIRECTION)) debug_log "Backing up to step ${cyan}${STATE}${green}…" fi done if [ $STATE -lt $BACKSTOP ]; then # user went backwards from beyond BACKSTOP/entry point, abort package configuration. debug_log "User tried to backup beyond BACKSTOP/entry point… Exiting." exit 10 fi debug_log "Finishing debian-edu-router-config.config file…" exit 0