1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 Copyright 2010 - 2014 Red Hat, Inc.
9 <refentry id="NetworkManager.conf">
11 <title>NetworkManager.conf</title>
12 <author>NetworkManager developers</author>
16 <refentrytitle>NetworkManager.conf</refentrytitle>
17 <manvolnum>5</manvolnum>
18 <refmiscinfo class="source">NetworkManager</refmiscinfo>
19 <refmiscinfo class="manual">Configuration</refmiscinfo>
20 <refmiscinfo class="version">1.2</refmiscinfo>
24 <refname>NetworkManager.conf</refname>
25 <refpurpose>NetworkManager configuration file</refpurpose>
29 <para><filename>/etc/NetworkManager/NetworkManager.conf</filename>,
30 <filename>/etc/NetworkManager/conf.d/<replaceable>name</replaceable>.conf</filename>,
31 <filename>/usr/lib/NetworkManager/conf.d/<replaceable>name</replaceable>.conf</filename>,
32 <filename>/var/lib/NetworkManager/NetworkManager-intern.conf</filename>
37 <title>Description</title>
38 <para><literal>NetworkManager.conf</literal> is the configuration file for NetworkManager. It is used
39 to set up various aspects of NetworkManager's behavior. The
40 location of the main file and configuration directories may be changed
41 through use of the <option>--config</option>, <option>--config-dir</option>,
42 <option>--system-config-dir</option>, and <option>--intern-config</option>
43 argument for NetworkManager, respectively.
45 <para>If a default <literal>NetworkManager.conf</literal> is
46 provided by your distribution's packages, you should not modify
47 it, since your changes may get overwritten by package
48 updates. Instead, you can add additional <literal>.conf</literal>
49 files to the <literal>/etc/NetworkManager/conf.d</literal> directory.
50 These will be read in order, with later files overriding earlier ones.
51 Packages might install further configuration snippets to <literal>/usr/lib/NetworkManager/conf.d</literal>.
52 This directory is parsed first, even before <literal>NetworkManager.conf</literal>.
53 The loading of a file <literal>/usr/lib/NetworkManager/conf.d/<replaceable>name</replaceable>.conf</literal>
54 can be prevented by adding a file <literal>/etc/NetworkManager/conf.d/<replaceable>name</replaceable>.conf</literal>.
55 In this case, the file from the etc configuration shadows the file from the
56 system configuration directory.
59 NetworkManager can overwrite certain user configuration options via D-Bus or other internal
60 operations. In this case it writes those changes to <literal>/var/lib/NetworkManager/NetworkManager-intern.conf</literal>.
61 This file is not intended to be modified by the user, but it is read last and can shadow
62 user configuration from <literal>NetworkManager.conf</literal>.
68 <title>File Format</title>
70 The configuration file format is so-called key file (sort of
71 ini-style format). It consists of sections (groups) of
72 key-value pairs. Lines beginning with a '#' and blank lines are
73 considered comments. Sections are started by a header line
74 containing the section enclosed in '[' and ']', and ended
75 implicitly by the start of the next section or the end of the
76 file. Each key-value pair must be contained in a section.
79 For keys that take a list of devices as their value, you can
80 specify devices by their MAC addresses or interface names, or
81 "*" to specify all devices. See <xref linkend="device-spec"/>
85 Minimal system settings configuration file looks like this:
92 As an extension to the normal keyfile format, you can also
93 append a value to a previously-set list-valued key by doing:
95 plugins+=another-plugin
102 <title><literal>main</literal> section</title>
105 <term><varname>plugins</varname></term>
108 Lists system settings plugin names separated by ','. These
109 plugins are used to read and write system-wide
110 connections. When multiple plugins are specified, the
111 connections are read from all listed plugins. When writing
112 connections, the plugins will be asked to save the
113 connection in the order listed here; if the first plugin
114 cannot write out that connection type (or can't write out
115 any connections) the next plugin is tried, etc. If none of
116 the plugins can save the connection, an error is returned
120 If NetworkManager defines a distro-specific
121 network-configuration plugin for your system, then that
122 will normally be listed here. (See below for the available
123 plugins.) Note that the <literal>keyfile</literal> plugin
124 is always appended to the end of this list (if it doesn't
125 already appear earlier in the list), so if there is no
126 distro-specific plugin for your system then you can leave
127 this key unset and NetworkManager will fall back to using
128 <literal>keyfile</literal>.
133 <term><varname>monitor-connection-files</varname></term>
134 <listitem><para>Whether the configured settings plugin(s)
135 should set up file monitors and immediately pick up changes
136 made to connection files while NetworkManager is running. This
137 is disabled by default; NetworkManager will only read
138 the connection files at startup, and when explicitly requested
139 via the ReloadConnections D-Bus call. If this key is set to
140 '<literal>true</literal>', then NetworkManager will reload
141 connection files any time they changed.</para></listitem>
144 <term><varname>auth-polkit</varname></term>
145 <listitem><para>Whether the system uses PolicyKit for authorization.
146 If <literal>false</literal>, all requests will be allowed. If
147 <literal>true</literal>, non-root requests are authorized using PolicyKit.
148 The default value is <literal>@NM_CONFIG_DEFAULT_AUTH_POLKIT_TEXT@</literal>.
152 <term><varname>dhcp</varname></term>
153 <listitem><para>This key sets up what DHCP client
154 NetworkManager will use. Allowed values are
155 <literal>dhclient</literal>, <literal>dhcpcd</literal>, and
156 <literal>internal</literal>. The <literal>dhclient</literal>
157 and <literal>dhcpcd</literal> options require the indicated
158 clients to be installed. The <literal>internal</literal>
159 option uses a built-in DHCP client which is not currently as
160 featureful as the external clients.</para>
161 <para>If this key is missing, available DHCP clients are
162 looked for in this order: <literal>dhclient</literal>,
163 <literal>dhcpcd</literal>,
164 <literal>internal</literal>.</para></listitem>
167 <term><varname>no-auto-default</varname></term>
168 <listitem><para>Specify devices for which
169 NetworkManager shouldn't create default wired connection
170 (Auto eth0). By default, NetworkManager creates a temporary
171 wired connection for any Ethernet device that is managed and
172 doesn't have a connection configured. List a device in this
173 option to inhibit creating the default connection for the
174 device. May have the special value <literal>*</literal> to
175 apply to all devices.</para>
176 <para>When the default wired connection is deleted or saved
177 to a new persistent connection by a plugin, the device is
178 added to a list in the file
179 <filename>/var/run/NetworkManager/no-auto-default.state</filename>
180 to prevent creating the default connection for that device
182 <para>See <xref linkend="device-spec"/> for the syntax how to
188 no-auto-default=00:22:68:5c:5d:c4,00:1e:65:ff:aa:ee
189 no-auto-default=eth0,eth1
197 <term><varname>ignore-carrier</varname></term>
200 Specify devices for which NetworkManager will (partially)
201 ignore the carrier state. Normally, for
202 device types that support carrier-detect, such as Ethernet
203 and InfiniBand, NetworkManager will only allow a
204 connection to be activated on the device if carrier is
205 present (ie, a cable is plugged in), and it will
206 deactivate the device if carrier drops for more than a few
210 Listing a device here will allow activating connections on
211 that device even when it does not have carrier, provided
212 that the connection uses only statically-configured IP
213 addresses. Additionally, it will allow any active
214 connection (whether static or dynamic) to remain active on
215 the device when carrier is lost.
218 Note that the "carrier" property of NMDevices and device D-Bus
219 interfaces will still reflect the actual device state; it's just
220 that NetworkManager will not make use of that information.
222 <para>See <xref linkend="device-spec"/> for the syntax how to
229 <term><varname>assume-ipv6ll-only</varname></term>
232 Specify devices for which NetworkManager will try to
233 generate a connection based on initial configuration when
234 the device only has an IPv6 link-local address.
236 <para>See <xref linkend="device-spec"/> for the syntax how to
243 <term><varname>configure-and-quit</varname></term>
246 When set to '<literal>true</literal>', NetworkManager quits after
247 performing initial network configuration but spawns small helpers
248 to preserve DHCP leases and IPv6 addresses. This is useful in
249 environments where network setup is more or less static or it is
250 desirable to save process time but still handle some dynamic
251 configurations. When this option is <literal>true</literal>,
252 network configuration for WiFi, WWAN, Bluetooth, ADSL, and PPPoE
253 interfaces cannot be preserved due to their use of external
254 services, and these devices will be deconfigured when NetworkManager
255 quits even though other interface's configuration may be preserved.
256 Also, to preserve DHCP addresses the '<literal>dhcp</literal>' option
257 must be set to '<literal>internal</literal>'. The default value of
258 the '<literal>configure-and-quit</literal>' option is
259 '<literal>false</literal>', meaning that NetworkManager will continue
260 running after initial network configuration and continue responding
261 to system and hardware events, D-Bus requests, and user commands.
267 <term><varname>dns</varname></term>
268 <listitem><para>Set the DNS (<filename>resolv.conf</filename>) processing mode.</para>
269 <para><literal>default</literal>: The default if the key is
270 not specified. NetworkManager will update
271 <filename>resolv.conf</filename> to reflect the nameservers
272 provided by currently active connections.</para>
273 <para><literal>dnsmasq</literal>: NetworkManager will run
274 dnsmasq as a local caching nameserver, using a "split DNS"
275 configuration if you are connected to a VPN, and then update
276 <filename>resolv.conf</filename> to point to the local
278 <para><literal>unbound</literal>: NetworkManager will talk
279 to unbound and dnssec-triggerd, providing a "split DNS"
280 configuration with DNSSEC support. The /etc/resolv.conf
281 will be managed by dnssec-trigger daemon.</para>
282 <para><literal>none</literal>: NetworkManager will not
283 modify resolv.conf.</para>
288 <term><varname>rc-manager</varname></term>
289 <listitem><para>Set the <filename>resolv.conf</filename>
290 management mode. The default value depends on how NetworkManager
291 was built. Regardless of this setting, NetworkManager will
292 always write resolv.conf to its runtime state directory.</para>
293 <para><literal>none</literal>: NetworkManager will symlink
294 <filename>/etc/resolv.conf</filename> to its private
295 resolv.conf file in the runtime state directory.</para>
296 <para><literal>file</literal>: NetworkManager will write
297 <filename>/etc/resolv.conf</filename> as file.</para>
298 <para><literal>resolvconf</literal>: NetworkManager will run
299 resolvconf to update the DNS configuration.</para>
300 <para><literal>netconfig</literal>: NetworkManager will run
301 netconfig to update the DNS configuration.</para>
306 <term><varname>debug</varname></term>
307 <listitem><para>Comma separated list of options to aid
308 debugging. This value will be combined with the environment
309 variable <literal>NM_DEBUG</literal>. Currently the following
310 values are supported:</para>
312 <literal>RLIMIT_CORE</literal>: set ulimit -c unlimited
313 to write out core dumps. Beware, that a core dump can contain
314 sensitive information such as passwords or configuration settings.
317 <literal>fatal-warnings</literal>: set g_log_set_always_fatal()
318 to core dump on warning messages from glib. This is equivalent
319 to the --g-fatal-warnings command line option.
328 <title><literal>keyfile</literal> section</title>
329 <para>This section contains keyfile-plugin-specific options, and
330 is normally only used when you are not using any other
331 distro-specific plugin.</para>
336 <term><varname>hostname</varname></term>
337 <listitem><para>This key is deprecated and has no effect
338 since the hostname is now stored in /etc/hostname or other
339 system configuration files according to build options.
343 <term><varname>path</varname></term>
345 <para>The location where keyfiles are read and stored.
346 This defaults to "<literal>@NM_CONFIG_KEYFILE_PATH_DEFAULT@</literal>".
351 <term><varname>unmanaged-devices</varname></term>
352 <listitem><para>Set devices that should be ignored by
355 <para>See <xref linkend="device-spec"/> for the syntax how to
361 unmanaged-devices=interface-name:em4
362 unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth2
372 <title><literal>ifupdown</literal> section</title>
373 <para>This section contains ifupdown-specific options and thus only
374 has effect when using the <literal>ifupdown</literal> plugin.</para>
379 <term><varname>managed</varname></term>
380 <listitem><para>If set to <literal>true</literal>, then
382 <filename>/etc/network/interfaces</filename> are managed by
383 NetworkManager. If set to <literal>false</literal>, then
384 any interface listed in
385 <filename>/etc/network/interfaces</filename> will be ignored
386 by NetworkManager. Remember that NetworkManager controls the
387 default route, so because the interface is ignored,
388 NetworkManager may assign the default route to some other
391 The default value is <literal>false</literal>.
400 <title><literal>logging</literal> section</title>
401 <para>This section controls NetworkManager's logging. Any
402 settings here are overridden by the <option>--log-level</option>
403 and <option>--log-domains</option> command-line options.</para>
408 <term><varname>level</varname></term>
409 <listitem><para>The default logging verbosity level.
410 One of <literal>OFF</literal>, <literal>ERR</literal>,
411 <literal>WARN</literal>, <literal>INFO</literal>,
412 <literal>DEBUG</literal>, <literal>TRACE</literal>. The ERR
413 level logs only critical errors. WARN logs warnings that may
414 reflect operation. INFO logs various informational messages that
415 are useful for tracking state and operations. DEBUG enables
416 verbose logging for debugging purposes. TRACE enables even more
417 verbose logging then DEBUG level. Subsequent levels also log
418 all messages from earlier levels; thus setting the log level
419 to INFO also logs error and warning messages.</para></listitem>
422 <term><varname>domains</varname></term>
423 <listitem><para>The following log domains are available:
424 PLATFORM, RFKILL, ETHER, WIFI, BT, MB, DHCP4, DHCP6, PPP,
425 WIFI_SCAN, IP4, IP6, AUTOIP4, DNS, VPN, SHARING, SUPPLICANT,
426 AGENTS, SETTINGS, SUSPEND, CORE, DEVICE, OLPC, WIMAX,
427 INFINIBAND, FIREWALL, ADSL, BOND, VLAN, BRIDGE, DBUS_PROPS,
428 TEAM, CONCHECK, DCB, DISPATCH, AUDIT.</para>
429 <para>In addition, these special domains can be used: NONE,
430 ALL, DEFAULT, DHCP, IP.</para>
431 <para>You can specify per-domain log level overrides by
432 adding a colon and a log level to any domain. E.g.,
433 "<literal>WIFI:DEBUG,WIFI_SCAN:OFF</literal>".</para></listitem>
436 <para>Domain descriptions:
437 <simplelist type="horiz" columns="1">
438 <member>PLATFORM : OS (platform) operations</member>
439 <member>RFKILL : RFKill subsystem operations</member>
440 <member>ETHER : Ethernet device operations</member>
441 <member>WIFI : Wi-Fi device operations</member>
442 <member>BT : Bluetooth operations</member>
443 <member>MB : Mobile broadband operations</member>
444 <member>DHCP4 : DHCP for IPv4</member>
445 <member>DHCP6 : DHCP for IPv6</member>
446 <member>PPP : Point-to-point protocol operations</member>
447 <member>WIFI_SCAN : Wi-Fi scanning operations</member>
448 <member>IP4 : IPv4-related operations</member>
449 <member>IP6 : IPv6-related operations</member>
450 <member>AUTOIP4 : AutoIP operations</member>
451 <member>DNS : Domain Name System related operations</member>
452 <member>VPN : Virtual Private Network connections and operations</member>
453 <member>SHARING : Connection sharing</member>
454 <member>SUPPLICANT : WPA supplicant related operations</member>
455 <member>AGENTS : Secret agents operations and communication</member>
456 <member>SETTINGS : Settings/config service operations</member>
457 <member>SUSPEND : Suspend/resume</member>
458 <member>CORE : Core daemon and policy operations</member>
459 <member>DEVICE : Activation and general interface operations</member>
460 <member>OLPC : OLPC Mesh device operations</member>
461 <member>WIMAX : WiMAX device operations</member>
462 <member>INFINIBAND : InfiniBand device operations</member>
463 <member>FIREWALL : FirewallD related operations</member>
464 <member>ADSL : ADSL device operations</member>
465 <member>BOND : Bonding operations</member>
466 <member>VLAN : VLAN operations</member>
467 <member>BRIDGE : Bridging operations</member>
468 <member>DBUS_PROPS : D-Bus property changes</member>
469 <member>TEAM : Teaming operations</member>
470 <member>CONCHECK : Connectivity check</member>
471 <member>DCB : Data Center Bridging (DCB) operations</member>
472 <member>DISPATCH : Dispatcher scripts</member>
473 <member>AUDIT : Audit records</member>
475 <member>NONE : when given by itself logging is disabled</member>
476 <member>ALL : all log domains</member>
477 <member>DEFAULT : default log domains</member>
478 <member>DHCP : shortcut for "DHCP4,DHCP6"</member>
479 <member>IP : shortcut for "IP4,IP6"</member>
481 <member>HW : deprecated alias for "PLATFORM"</member>
486 <term><varname>backend</varname></term>
487 <listitem><para>The logging backend. Supported values
488 are "<literal>debug</literal>", "<literal>syslog</literal>",
489 "<literal>journal</literal>".
490 "<literal>debug</literal>" uses syslog and logs to standard error.
491 If NetworkManager is started in debug mode (<literal>--debug</literal>)
492 this option is ignored and "<literal>debug</literal>" is always used.
493 Otherwise, the default is "<literal>@NM_CONFIG_LOGGING_BACKEND_DEFAULT_TEXT@</literal>".
497 <term><varname>audit</varname></term>
498 <listitem><para>Whether the audit records are delivered to
499 auditd, the audit daemon. If <literal>false</literal>, audit
500 records will be sent only to the NetworkManager logging
501 system. If set to <literal>true</literal>, they will be also
502 sent to auditd. The default value is <literal>@NM_CONFIG_DEFAULT_LOGGING_AUDIT_TEXT@</literal>.
510 <title><literal>connection</literal> section</title>
511 <para>Specify default values for connections.
521 <title>Supported Properties</title>
523 Not all properties can be overwritten, only the following
524 properties are supported to have their default values configured
525 (see <citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details).
526 A default value is only consulted if the corresponding per-connection value
527 explicitly allows for that.
530 <term><varname>connection.autoconnect-slaves</varname></term>
533 <term><varname>connection.lldp</varname></term>
536 <term><varname>ethernet.wake-on-lan</varname></term>
539 <term><varname>ipv4.dad-timeout</varname></term>
542 <term><varname>ipv4.dhcp-timeout</varname></term>
543 <listitem><para>If left unspecified, the default value for
544 the interface type is used.</para></listitem>
547 <term><varname>ipv4.route-metric</varname></term>
550 <term><varname>ipv6.ip6-privacy</varname></term>
551 <listitem><para>If <literal>ipv6.ip6-privacy</literal> is unset, use the content of
552 "/proc/sys/net/ipv6/conf/default/use_tempaddr" as last fallback.
556 <term><varname>ipv6.route-metric</varname></term>
559 <term><varname>vpn.timeout</varname></term>
560 <listitem><para>If left unspecified, default value of 60 seconds is used.</para></listitem>
563 <term><varname>wifi.mac-address-randomization</varname></term>
564 <listitem><para>If left unspecified, MAC address randomization is disabled.</para></listitem>
567 <term><varname>wifi.powersave</varname></term>
568 <listitem><para>If left unspecified, the default value
569 "<literal>ignore</literal>" will be used.</para></listitem>
576 <title>Sections</title>
578 You can configure multiple <literal>connection</literal>
579 sections, by having different sections with a name that all start
585 connection.autoconnect-slaves=1
588 [connection-wifi-wlan0]
589 match-device=interface-name:wlan0
592 [connection-wifi-other]
593 match-device=type:wifi
600 The sections within one file are considered in order of appearance, with the
601 exception that the <literal>[connection]</literal> section is always
602 considered last. In the example above, this order is <literal>[connection-wifi-wlan0]</literal>,
603 <literal>[connection-wlan-other]</literal>, and <literal>[connection]</literal>.
604 When checking for a default configuration value, the sections are searched until
605 the requested value is found.
606 In the example above, "ipv4.route-metric" for wlan0 interface is set to 50,
607 and for all other Wi-Fi typed interfaces to 55. Also, Wi-Fi devices would have
608 IPv6 private addresses enabled by default, but other devices would have it disabled.
609 Note that also "wlan0" gets "ipv6.ip6-privacy=1", because although the section
610 "[connection-wifi-wlan0]" matches the device, it does not contain that property
611 and the search continues.
614 When having different sections in multiple files, sections from files that are read
615 later have higher priority. So within one file the priority of the sections is
616 top-to-bottom. Across multiple files later definitions take precedence.
620 The following properties further control how a connection section applies.
623 <term><varname>match-device</varname></term>
624 <listitem><para>An optional device spec that restricts
625 when the section applies. See <xref linkend="device-spec"/>
626 for the possible values.
630 <term><varname>stop-match</varname></term>
631 <listitem><para>An optional boolean value which defaults to
632 <literal>no</literal>. If the section matches (based on
633 <literal>match-device</literal>), further sections will not be
634 considered even if the property in question is not present. In
635 the example above, if <literal>[connection-wifi-wlan0]</literal> would
636 have <literal>stop-match</literal> set to <literal>yes</literal>,
637 its <literal>ipv6.ip6-privacy</literal> value would be
647 <title><literal>connectivity</literal> section</title>
648 <para>This section controls NetworkManager's optional connectivity
649 checking functionality. This allows NetworkManager to detect
650 whether or not the system can actually access the internet or
651 whether it is behind a captive portal.</para>
656 <term><varname>uri</varname></term>
657 <listitem><para>The URI of a web page to periodically
658 request when connectivity is being checked. This page
659 should return the header "X-NetworkManager-Status" with a
660 value of "online". Alternatively, it's body content should
661 be set to "NetworkManager is online". The body content
662 check can be controlled by the <literal>response</literal>
663 option. If this option is blank or missing, connectivity
664 checking is disabled.
668 <term><varname>interval</varname></term>
669 <listitem><para>Specified in seconds; controls how often
670 connectivity is checked when a network connection exists. If
671 set to 0 connectivity checking is disabled. If missing, the
672 default is 300 seconds.</para></listitem>
675 <term><varname>response</varname></term>
676 <listitem><para>If set controls what body content
677 NetworkManager checks for when requesting the URI for
678 connectivity checking. If missing, defaults to
679 "NetworkManager is online" </para></listitem>
686 <title><literal>global-dns</literal> section</title>
687 <para>This section specifies global DNS settings that override
688 connection-specific configuration.</para>
692 <term><varname>searches</varname></term>
695 A list of search domains to be used during hostname lookup.
700 <term><varname>options</varname></term>
703 A list of of options to be passed to the hostname resolver.
712 <title><literal>global-dns-domain</literal> sections</title>
713 <para>Sections with a name starting with the "global-dns-domain-"
714 prefix allow to define global DNS configuration for specific
715 domains. The part of section name after "global-dns-domain-"
716 specifies the domain name a section applies to. More specific
717 domains have the precedence over less specific ones and the
718 default domain is represented by the wildcard "*". A default
719 domain section is mandatory.
724 <term><varname>servers</varname></term>
727 A list of addresses of DNS servers to be used for the given domain.
732 <term><varname>options</varname></term>
735 A list of domain-specific DNS options. Not used at the moment.
744 <title><literal>.config</literal> sections</title>
745 <para>This is a special section that contains options which apply
746 to the configuration file that contains the option.
751 <term><varname>enable</varname></term>
754 Defaults to "<literal>true</literal>". If "<literal>false</literal>",
755 the configuration file will be skipped during loading.
756 Note that the main configuration file <literal>NetworkManager.conf</literal>
759 # always skip loading the config file
765 You can also match against the version of NetworkManager. For example
766 the following are valid configurations:
768 # only load on version 1.0.6
770 enable=nm-version:1.0.6
772 # load on all versions 1.0.x, but not 1.2.x
774 enable=nm-version:1.0
776 # only load on versions >= 1.1.6. This does not match
777 # with version 1.2.0 or 1.4.4. Only the last digit is considered.
779 enable=nm-version-min:1.1.6
781 # only load on versions >= 1.2. Contrary to the previous
782 # example, this also matches with 1.2.0, 1.2.10, 1.4.4, etc.
784 enable=nm-version-min:1.2
786 # Match against the maximum allowed version. The example matches
787 # versions 1.2.0, 1.2.2, 1.2.4. Again, only the last version digit
788 # is allowed to be smaller. So this would not match match on 1.1.10.
790 enable=nm-version-max:1.2.6
794 You can also match against the value of the environment variable
795 <literal>NM_CONFIG_ENABLE_TAG</literal>, like:
797 # always skip loading the file when running NetworkManager with
798 # environment variable "NM_CONFIG_ENABLE_TAG=TAG1"
804 More then one match can be specified. The configuration will be
805 enabled if one of the predicates matches ("or"). The special prefix "except:" can
806 be used to negate the match. Note that if one except-predicate
807 matches, the entire configuration will be disabled.
808 In other words, a except predicate always wins over other predicates.
810 # enable the configuration either when the environment variable
811 # is present or the version is at least 1.2.0.
813 enable=env:TAG2,nm-version-min:1.2
815 # enable the configuration for version >= 1.2.0, but disable
816 # it when the environment variable is set to "TAG3"
818 enable=except:env:TAG3,nm-version-min:1.2
820 # enable the configuration on >= 1.3, >= 1.2.6, and >= 1.0.16.
821 # Useful if a certain feature is only present since those releases.
823 enable=nm-version-min:1.3,nm-version-min:1.2.6,nm-version-min:1.0.16
833 <title>Plugins</title>
837 <term><varname>keyfile</varname></term>
840 The <literal>keyfile</literal> plugin is the generic
841 plugin that supports all the connection types and
842 capabilities that NetworkManager has. It writes files out
843 in an .ini-style format in
844 /etc/NetworkManager/system-connections.
847 The stored connection file may contain passwords and
848 private keys, so it will be made readable only to root,
849 and the plugin will ignore files that are readable or
850 writable by any user or group other than root.
853 This plugin is always active, and will automatically be
854 used to store any connections that aren't supported by any
860 <term><varname>ifcfg-rh</varname></term>
863 This plugin is used on the Fedora and Red Hat Enterprise
864 Linux distributions to read and write configuration from
866 <filename>/etc/sysconfig/network-scripts/ifcfg-*</filename>
867 files. It currently supports reading Ethernet, Wi-Fi,
868 InfiniBand, VLAN, Bond, Bridge, and Team connections.
869 Enabling <literal>ifcfg-rh</literal> implicitly enables
870 <literal>ibft</literal> plugin, if it is available.
871 This can be disabled by adding <literal>no-ibft</literal>.
877 <term><varname>ifcfg-suse</varname></term>
880 This plugin is deprecated and its selection has no effect.
881 The <literal>keyfile</literal> plugin should be used
888 <term><varname>ifupdown</varname></term>
891 This plugin is used on the Debian and Ubuntu
892 distributions, and reads Ethernet and Wi-Fi connections
893 from <filename>/etc/network/interfaces</filename>.
896 This plugin is read-only; any connections (of any type)
897 added from within NetworkManager when you are using this
898 plugin will be saved using the <literal>keyfile</literal>
905 <term><varname>ibft</varname>, <varname>no-ibft</varname></term>
908 This plugin allows to read iBFT configuration (iSCSI Boot Firmware Table).
909 The configuration is read using /sbin/iscsiadm. Users are expected to
910 configure iBFT connections via the firmware interfaces.
911 If ibft support is available, it is automatically enabled after
912 <literal>ifcfg-rh</literal>. This can be disabled by <literal>no-ibft</literal>.
913 You can also explicitly specify <literal>ibft</literal> to load the
914 plugin without <literal>ifcfg-rh</literal> or to change the plugin order.
923 <title>Appendix</title>
924 <refsect2 id="device-spec">
925 <title>Device List Format</title>
927 The configuration options <literal>main.no-auto-default</literal>, <literal>main.ignore-carrier</literal>,
928 and <literal>keyfile.unmanaged-devices</literal> select devices based on a list of matchings.
929 Devices can be specified using the following format:
935 <listitem><para>Matches every device.</para></listitem>
939 <listitem><para>Case sensitive match of interface name of the device. Globbing is not supported.</para></listitem>
943 <listitem><para>Match the MAC address of the device. Globbing is not supported</para></listitem>
946 <term>interface-name:IFNAME</term>
947 <term>interface-name:~IFNAME</term>
948 <listitem><para>Case sensitive match of interface name of the device. Simple globbing is supported with
949 <literal>*</literal> and <literal>?</literal>. Ranges and escaping is not supported.</para></listitem>
952 <term>interface-name:=IFNAME</term>
953 <listitem><para>Case sensitive match of interface name of the device. Globbing is disabled and <literal>IFNAME</literal>
954 is taken literally.</para></listitem>
957 <term>mac:HWADDR</term>
958 <listitem><para>Match the MAC address of the device. Globbing is not supported</para></listitem>
961 <term>s390-subchannels:HWADDR</term>
962 <listitem><para>Match the device based on the subchannel address. Globbing is not supported</para></listitem>
965 <term>type:TYPE</term>
966 <listitem><para>Match the device type. Valid type names are as reported by "<literal>nmcli -f GENERAL.TYPE device show</literal>".
967 Globbing is not supported.</para></listitem>
970 <term>except:SPEC</term>
971 <listitem><para>Negative match of a device. <literal>SPEC</literal> must be explicitly qualified with
972 a prefix such as <literal>interface-name:</literal>. A negative match has higher priority then the positive
973 matches above.</para></listitem>
976 <term>SPEC[,;]SPEC</term>
977 <listitem><para>Multiple specs can be concatenated with commas or semicolons. The order does not matter as
978 matches are either inclusive or negative (<literal>except:</literal>), with negative matches having higher
981 <para>Backslash is supported to escape the separators ';' and ',', and to express special
982 characters such as newline ('\n'), tabulator ('\t'), whitespace ('\s') and backslash ('\\'). The globbing of
983 interface names cannot be escaped. Whitespace is not a separator but will be trimmed between
984 two specs (unless escaped as '\s').
994 mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth2
995 interface-name:vboxnet*,except:interface-name:vboxnet2
996 *,except:mac:00:22:68:1c:59:b1
1003 <title>See Also</title>
1005 <citerefentry><refentrytitle>NetworkManager</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
1006 <citerefentry><refentrytitle>nmcli</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1007 <citerefentry><refentrytitle>nmcli-examples</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1008 <citerefentry><refentrytitle>nm-online</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1009 <citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1010 <citerefentry><refentrytitle>nm-applet</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1011 <citerefentry><refentrytitle>nm-connection-editor</refentrytitle><manvolnum>1</manvolnum></citerefentry>