NETWORKMANAGER.CONF(5)           Configuration          NETWORKMANAGER.CONF(5)

NAME

       NetworkManager.conf - NetworkManager configuration file

SYNOPSIS

       /etc/NetworkManager/NetworkManager.conf,
       /etc/NetworkManager/conf.d/name.conf,
       /run/NetworkManager/conf.d/name.conf,
       /usr/lib/NetworkManager/conf.d/name.conf,
       /var/lib/NetworkManager/NetworkManager-intern.conf

DESCRIPTION

       NetworkManager.conf is the configuration file for NetworkManager. It is
       used to set up various aspects of NetworkManager's behavior. The
       location of the main file and configuration directories may be changed
       through use of the --config, --config-dir, --system-config-dir, and
       --intern-config arguments for NetworkManager, respectively.

       If a default NetworkManager.conf is provided by your distribution's
       packages, you should not modify it, since your changes may get
       overwritten by package updates. Instead, you can add additional .conf
       files to the /etc/NetworkManager/conf.d directory. These will be read
       in order, with later files overriding earlier ones. Packages might
       install further configuration snippets to
       /usr/lib/NetworkManager/conf.d. This directory is parsed first, even
       before NetworkManager.conf. Scripts can also put per-boot configuration
       into /run/NetworkManager/conf.d. This directory is parsed second, also
       before NetworkManager.conf. The loading of a file
       /run/NetworkManager/conf.d/name.conf can be prevented by adding a file
       /etc/NetworkManager/conf.d/name.conf. Likewise, a file
       /usr/lib/NetworkManager/conf.d/name.conf can be shadowed by putting a
       file of the same name in either /etc/NetworkManager/conf.d or
       /run/NetworkManager/conf.d.

       NetworkManager can overwrite certain user configuration options via
       D-Bus or other internal operations. In this case it writes those
       changes to /var/lib/NetworkManager/NetworkManager-intern.conf. This
       file is not intended to be modified by the user, but it is read last
       and can shadow user configuration from NetworkManager.conf.

       Certain settings from the configuration can be reloaded at runtime
       either by sending the SIGHUP signal or via the D-Bus Reload call.

FILE FORMAT

       The configuration file format is the so-called key file format (a sort
       of ini-style format). It consists of sections (groups) of key-value
       pairs. Lines beginning with a '#' and blank lines are considered
       comments. Sections are started by a header line containing the section
       name enclosed in '[' and ']', and ended implicitly by the start of the
       next section or the end of the file. Each key-value pair must be
       contained in a section.

       For keys that take a list of devices as their value, you can specify
       devices by their MAC addresses or interface names, or "*" to specify
       all devices. See the section called “Device List Format” below.

       A minimal system settings configuration file looks like this:

           [main]
           plugins=keyfile

       As an extension to the normal keyfile format, you can also append a
       value to (or remove a value from) a previously-set list-valued key by
       doing:

           plugins+=another-plugin
           plugins-=remove-me

MAIN SECTION

       plugins
           Lists system settings plugin names separated by ','. These plugins
           are used to read and write system-wide connection profiles. When
           multiple plugins are specified, the connections are read from all
           listed plugins. When writing connections, the plugins will be asked
           to save the connection in the order listed here; if the first
           plugin cannot write out that connection type (or can't write out
           any connections) the next plugin is tried, etc. If none of the
           plugins can save the connection, an error is returned to the user.

           The default value and the number of available plugins are
           distro-specific. See the section called “PLUGINS” below for the
           available plugins. Note that NetworkManager's native keyfile plugin
           is always appended to the end of this list (if it doesn't already
           appear earlier in the list).

       monitor-connection-files
           Whether the configured settings plugin(s) should set up file
           monitors and immediately pick up changes made to connection files
           while NetworkManager is running. This is disabled by default;
           NetworkManager will only read the connection files at startup, and
           when explicitly requested via the ReloadConnections D-Bus call. If
           this key is set to 'true', then NetworkManager will reload
           connection files any time they change. Automatic reloading is not
           advised because there are race conditions involved and it depends
           on how the editor updates the file. In some situations,
           NetworkManager might first delete and add the connection anew,
           instead of updating the existing one. Also, NetworkManager might
           pick up incomplete settings while the user is still editing the
           files.

       auth-polkit
           Whether the system uses PolicyKit for authorization. If false, all
           requests will be allowed. If true, non-root requests are authorized
           using PolicyKit. The default value is true.

       dhcp
           This key sets up what DHCP client NetworkManager will use. Allowed
           values are dhclient, dhcpcd, and internal. The dhclient and dhcpcd
           options require the indicated clients to be installed. The internal
           option uses a built-in DHCP client which is not currently as
           featureful as the external clients.

           If this key is missing, it defaults to internal. If the chosen
           plugin is not available, clients are looked for in this order:
           dhclient, dhcpcd, internal.

       no-auto-default
           Specify devices for which NetworkManager shouldn't create a default
           wired connection (Auto eth0). By default, NetworkManager creates a
           temporary wired connection for any Ethernet device that is managed
           and doesn't have a connection configured. List a device in this
           option to inhibit creating the default connection for the device.
           May have the special value * to apply to all devices.

           When the default wired connection is deleted or saved to a new
           persistent connection by a plugin, the device is added to a list in
           the file /run/NetworkManager/no-auto-default.state to prevent
           creating the default connection for that device again.

           See the section called “Device List Format” for the syntax used to
           specify a device.

           Example:

               no-auto-default=00:22:68:5c:5d:c4,00:1e:65:ff:aa:ee
               no-auto-default=eth0,eth1
               no-auto-default=*

       ignore-carrier
           This setting is deprecated in favor of the per-device setting
           ignore-carrier, which overwrites this setting if specified (see
           ignore-carrier). Otherwise, it is a list of matches specifying the
           devices for which carrier should be ignored. See the section called
           “Device List Format” for the syntax used to specify a device. Note
           that master types like bond, bridge, and team ignore carrier by
           default. You can however revert that default using the "except:"
           specifier (or better, use the per-device setting instead of the
           deprecated setting).

       assume-ipv6ll-only
           Specify devices for which NetworkManager will try to generate a
           connection based on initial configuration when the device only has
           an IPv6 link-local address.

           See the section called “Device List Format” for the syntax used to
           specify a device.

       configure-and-quit
           When set to 'true', NetworkManager quits after performing initial
           network configuration but spawns small helpers to preserve DHCP
           leases and IPv6 addresses. This is useful in environments where
           network setup is more or less static or it is desirable to save
           process time but still handle some dynamic configurations. When
           this option is true, network configuration for WiFi, WWAN,
           Bluetooth, ADSL, and PPPoE interfaces cannot be preserved due to
           their use of external services, and these devices will be
           deconfigured when NetworkManager quits even though other
           interfaces' configuration may be preserved. Also, to preserve DHCP
           addresses the 'dhcp' option must be set to 'internal'. The default
           value of the 'configure-and-quit' option is 'false', meaning that
           NetworkManager will continue running after initial network
           configuration and continue responding to system and hardware
           events, D-Bus requests, and user commands.

       hostname-mode
           Set the management mode of the hostname. This parameter will affect
           only the transient hostname. If a valid static hostname is set,
           NetworkManager will skip the update of the hostname regardless of
           the value of this option. A hostname that is empty or equal to
           'localhost', 'localhost6', 'localhost.localdomain' or
           'localhost6.localdomain' is considered invalid.

           default: NetworkManager will update the hostname with the one
           provided via DHCP on the main connection (the one with a default
           route). If not present, the hostname will be updated to the last
           one set outside NetworkManager. If it is not valid, NetworkManager
           will try to recover the hostname from the reverse lookup of the IP
           address of the main connection. If this fails too, the hostname
           will be set to 'localhost.localdomain'.

           dhcp: NetworkManager will update the transient hostname only with
           information coming from DHCP. No fallback nor reverse lookup will
           be performed, but when the dhcp connection providing the hostname
           is deactivated, the hostname is reset to the last hostname set
           outside NetworkManager or 'localhost' if no valid one exists.

           none: NetworkManager will not manage the transient hostname and
           will never set it.

       dns
           Set the DNS (resolv.conf) processing mode. If the key is
           unspecified, default is used, unless /etc/resolv.conf is a symlink
           to /run/systemd/resolve/stub-resolv.conf,
           /run/systemd/resolve/resolv.conf, /lib/systemd/resolv.conf or
           /usr/lib/systemd/resolv.conf. In that case, systemd-resolved is
           chosen automatically.

           default: NetworkManager will update /etc/resolv.conf to reflect the
           nameservers provided by currently active connections.

           dnsmasq: NetworkManager will run dnsmasq as a local caching
           nameserver, using a "split DNS" configuration if you are connected
           to a VPN, and then update resolv.conf to point to the local
           nameserver. It is possible to pass custom options to the dnsmasq
           instance by adding them to files in the
           "/etc/NetworkManager/dnsmasq.d/" directory. Note that when multiple
           upstream servers are available, dnsmasq will initially contact them
           in parallel and then use the fastest to respond, probing again
           other servers after some time. This behavior can be modified by
           passing the 'all-servers' or 'strict-order' options to dnsmasq (see
           the manual page for more details).

           unbound: NetworkManager will talk to unbound and dnssec-triggerd,
           providing a "split DNS" configuration with DNSSEC support.
           /etc/resolv.conf will be managed by the dnssec-trigger daemon.

           systemd-resolved: NetworkManager will push the DNS configuration to
           systemd-resolved.

           none: NetworkManager will not modify resolv.conf. This implies
           rc-manager unmanaged.

       rc-manager
           Set the resolv.conf management mode. The default value depends on
           NetworkManager build options, and this version of NetworkManager
           was built with a default of "symlink". Regardless of this setting,
           NetworkManager will always write resolv.conf to its runtime state
           directory /var/run/NetworkManager/resolv.conf.

           symlink: If /etc/resolv.conf is a regular file, NetworkManager will
           replace the file on update. If /etc/resolv.conf is instead a
           symlink, NetworkManager will leave it alone, unless the symlink
           points to the internal file /var/run/NetworkManager/resolv.conf, in
           which case the symlink will be updated to emit an inotify
           notification. This allows the user to conveniently instruct
           NetworkManager not to manage /etc/resolv.conf by replacing it with
           a symlink.

           file: NetworkManager will write /etc/resolv.conf as a file. If it
           finds a symlink to an existing target, it will follow the symlink
           and update the target instead. In no case will an existing symlink
           be replaced by a file. Note that older versions of NetworkManager
           behaved differently and would replace dangling symlinks with a
           plain file.

           resolvconf: NetworkManager will run resolvconf to update the DNS
           configuration.

           netconfig: NetworkManager will run netconfig to update the DNS
           configuration.

           unmanaged: don't touch /etc/resolv.conf.

           none: deprecated alias for symlink.

       debug
           Comma separated list of options to aid debugging. This value will
           be combined with the environment variable NM_DEBUG. Currently the
           following values are supported:

           RLIMIT_CORE: set ulimit -c unlimited to write out core dumps.
           Beware that a core dump can contain sensitive information such as
           passwords or configuration settings.

           fatal-warnings: set g_log_set_always_fatal() to core dump on
           warning messages from glib. This is equivalent to the
           --g-fatal-warnings command line option.

       autoconnect-retries-default
           The number of times a connection activation should be automatically
           tried before switching to another one. This value applies only to
           connections that can auto-connect and have a
           connection.autoconnect-retries property set to -1. If not
           specified, connections will be tried 4 times. Setting this value to
           1 means to try activation once, without retry.

       slaves-order
           This key specifies in which order slave connections are
           auto-activated on boot or when the master activates them. Allowed
           values are name (order connection by interface name, the default),
           or index (order slaves by their kernel index).
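
       The read order and shadowing rules from DESCRIPTION, combined with
       the += and -= list syntax from FILE FORMAT, as an added Python example
       (not code from NetworkManager or from this manual). It reports which
       file set the effective [main] values of auth-polkit and debug; the
       sorted read order inside a directory, the accepted boolean spellings
       and the tree written by build_sample() are assumptions.

```python
import os
import tempfile

# Paths from the SYNOPSIS, kept relative to a root so the demo never touches the host.
USR = "usr/lib/NetworkManager/conf.d"
RUN = "run/NetworkManager/conf.d"
ETC = "etc/NetworkManager/conf.d"
MAIN = "etc/NetworkManager/NetworkManager.conf"
INTERN = "var/lib/NetworkManager/NetworkManager-intern.conf"
FALSE_WORDS = {"false", "no", "0", "off"}  # assumption: accepted boolean spellings


def conf_names(root, rel):
    """Names of *.conf entries in one conf.d directory (assumption: sorted order)."""
    path = os.path.join(root, rel)
    if not os.path.isdir(path):
        return []
    return sorted(n for n in os.listdir(path) if n.endswith(".conf"))


def load_order(root):
    """Files in read order: /usr/lib, /run, main file, /etc, then the intern file."""
    usr, run, etc = (conf_names(root, d) for d in (USR, RUN, ETC))
    # A same-named file in /etc or /run shadows the /usr/lib one; /etc shadows /run.
    order = [f"{USR}/{n}" for n in usr if n not in run and n not in etc]
    order += [f"{RUN}/{n}" for n in run if n not in etc]
    order += [MAIN] + [f"{ETC}/{n}" for n in etc] + [INTERN]
    return [p for p in order if os.path.isfile(os.path.join(root, p))]


def effective(root):
    """Merge every file; map (section, key) -> (value, file that last set it)."""
    merged = {}
    for rel in load_order(root):
        section = None
        with open(os.path.join(root, rel), encoding="utf-8") as fh:
            for raw in fh:
                line = raw.strip()
                if not line or line.startswith("#"):
                    continue
                if line.startswith("[") and line.endswith("]"):
                    section = line[1:-1]
                    continue
                if section is None or "=" not in line:
                    continue  # every key-value pair must sit inside a section
                key, value = (part.strip() for part in line.split("=", 1))
                if key.endswith(("+", "-")):  # plugins+=x / plugins-=x
                    op, key = key[-1], key[:-1].strip()
                    given = [v.strip() for v in value.split(",") if v.strip()]
                    old = merged.get((section, key), ("", ""))[0]
                    items = [i for i in old.split(",") if i]
                    if op == "+":
                        items += [v for v in given if v not in items]
                    else:
                        items = [i for i in items if i not in given]
                    value = ",".join(items)
                merged[(section, key)] = (value, rel)
    return merged


def audit(root):
    """Flag the two [main] settings this page itself warns about."""
    eff = effective(root)
    findings = []
    value, src = eff.get(("main", "auth-polkit"), ("true", "default"))
    if value.lower() in FALSE_WORDS:
        findings.append(f"{src}: auth-polkit={value}, all requests will be allowed")
    value, src = eff.get(("main", "debug"), ("", ""))
    if "RLIMIT_CORE" in [v.strip() for v in value.split(",")]:
        findings.append(f"{src}: debug enables core dumps that can contain passwords")
    return findings


def build_sample(root):
    """Write a constructed sample tree (not taken from a real host) under root."""
    files = {
        MAIN: "[main]\nplugins=keyfile\nauth-polkit=true\n",
        f"{USR}/10-vendor.conf": "[main]\ndebug=RLIMIT_CORE\n",
        f"{ETC}/10-vendor.conf": "# empty on purpose: shadows the vendor file\n",
        f"{RUN}/20-boot.conf": "[logging]\nlevel=DEBUG\n",
        f"{ETC}/99-legacy.conf": "[main]\nauth-polkit=false\nplugins+=ifupdown\n",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("\n".join(load_order(tmp)))
        print("\n".join(audit(tmp)))
```

       In the sample tree the main file sets auth-polkit=true, yet the
       effective value comes from a later drop-in, which is why the audit
       reports the source file rather than reading NetworkManager.conf alone.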

KEYFILE SECTION

       This section contains keyfile-plugin-specific options, and is normally
       only used when you are not using any other distro-specific plugin.

       hostname
           This key is deprecated and has no effect since the hostname is now
           stored in /etc/hostname or other system configuration files
           according to build options.

       path
           The location where keyfiles are read and stored. This defaults to
           "/etc/NetworkManager/system-connections".

       unmanaged-devices
           Set devices that should be ignored by NetworkManager.

           See the section called “Device List Format” for the syntax used to
           specify a device.

           Example:

               unmanaged-devices=interface-name:em4
               unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth2

IFUPDOWN SECTION

       This section contains ifupdown-specific options and thus only has
       effect when using the ifupdown plugin.

       managed
           If set to true, then interfaces listed in /etc/network/interfaces
           are managed by NetworkManager. If set to false, then any interface
           listed in /etc/network/interfaces will be ignored by
           NetworkManager. Remember that NetworkManager controls the default
           route, so because the interface is ignored, NetworkManager may
           assign the default route to some other interface.

           The default value is false.

LOGGING SECTION

       This section controls NetworkManager's logging. Any settings here are
       overridden by the --log-level and --log-domains command-line options.

       level
           The default logging verbosity level. One of OFF, ERR, WARN, INFO,
           DEBUG, TRACE. The ERR level logs only critical errors. WARN logs
           warnings that may reflect operation. INFO logs various
           informational messages that are useful for tracking state and
           operations. DEBUG enables verbose logging for debugging purposes.
           TRACE enables even more verbose logging than the DEBUG level.
           Subsequent levels also log all messages from earlier levels; thus
           setting the log level to INFO also logs error and warning messages.

       domains
           The following log domains are available: PLATFORM, RFKILL, ETHER,
           WIFI, BT, MB, DHCP4, DHCP6, PPP, WIFI_SCAN, IP4, IP6, AUTOIP4, DNS,
           VPN, SHARING, SUPPLICANT, AGENTS, SETTINGS, SUSPEND, CORE, DEVICE,
           OLPC, WIMAX, INFINIBAND, FIREWALL, ADSL, BOND, VLAN, BRIDGE,
           DBUS_PROPS, TEAM, CONCHECK, DCB, DISPATCH, AUDIT, SYSTEMD,
           VPN_PLUGIN, PROXY.

           In addition, these special domains can be used: NONE, ALL, DEFAULT,
           DHCP, IP.

           You can specify per-domain log level overrides by adding a colon
           and a log level to any domain. E.g., "WIFI:DEBUG,WIFI_SCAN:OFF".

           Domain descriptions:
               PLATFORM    : OS (platform) operations
               RFKILL      : RFKill subsystem operations
               ETHER       : Ethernet device operations
               WIFI        : Wi-Fi device operations
               BT          : Bluetooth operations
               MB          : Mobile broadband operations
               DHCP4       : DHCP for IPv4
               DHCP6       : DHCP for IPv6
               PPP         : Point-to-point protocol operations
               WIFI_SCAN   : Wi-Fi scanning operations
               IP4         : IPv4-related operations
               IP6         : IPv6-related operations
               AUTOIP4     : AutoIP operations
               DNS         : Domain Name System related operations
               VPN         : Virtual Private Network connections and operations
               SHARING     : Connection sharing. With TRACE level log queries
                             for dnsmasq instance
               SUPPLICANT  : WPA supplicant related operations
               AGENTS      : Secret agents operations and communication
               SETTINGS    : Settings/config service operations
               SUSPEND     : Suspend/resume
               CORE        : Core daemon and policy operations
               DEVICE      : Activation and general interface operations
               OLPC        : OLPC Mesh device operations
               WIMAX       : WiMAX device operations
               INFINIBAND  : InfiniBand device operations
               FIREWALL    : FirewallD related operations
               ADSL        : ADSL device operations
               BOND        : Bonding operations
               VLAN        : VLAN operations
               BRIDGE      : Bridging operations
               DBUS_PROPS  : D-Bus property changes
               TEAM        : Teaming operations
               CONCHECK    : Connectivity check
               DCB         : Data Center Bridging (DCB) operations
               DISPATCH    : Dispatcher scripts
               AUDIT       : Audit records
               SYSTEMD     : Messages from internal libsystemd
               VPN_PLUGIN  : logging messages from VPN plugins
               PROXY       : logging messages for proxy handling

               NONE        : when given by itself logging is disabled
               ALL         : all log domains
               DEFAULT     : default log domains
               DHCP        : shortcut for "DHCP4,DHCP6"
               IP          : shortcut for "IP4,IP6"

               HW          : deprecated alias for "PLATFORM"

           In general, the logfile should not contain passwords or private
           data. However, you are always advised to check the file before
           posting it online or attaching it to a bug report. VPN_PLUGIN is
           special as it might reveal private information of the VPN plugins
           with verbose levels. Therefore this domain will be excluded when
           setting ALL or DEFAULT to more verbose levels than INFO.

       backend
           The logging backend. Supported values are "syslog" and "journal".
           When NetworkManager is started with "--debug", all messages will
           additionally be printed to stderr. If unspecified, the default is
           "journal".

       audit
           Whether the audit records are delivered to auditd, the audit
           daemon. If false, audit records will be sent only to the
           NetworkManager logging system. If set to true, they will be also
           sent to auditd. The default value is false.

CONNECTION SECTION

       Specify default values for connections.

       Example:

           [connection]
           ipv6.ip6-privacy=0

   Supported Properties
       Not all properties can be overwritten; only the following properties
       support having their default values configured (see nm-settings(5)
       for details). A default value is only consulted if the corresponding
       per-connection value explicitly allows for that.

       connection.auth-retries
           If left unspecified, the default value is 3 tries before failing
           the connection.

       connection.autoconnect-slaves

       connection.lldp

       connection.llmnr

       connection.mdns

       connection.stable-id

       ethernet.cloned-mac-address
           If left unspecified, it defaults to "preserve".

       ethernet.generate-mac-address-mask

       ethernet.mtu
           If configured explicitly to 0, the MTU is not reconfigured during
           device activation unless it is required due to IPv6 constraints. If
           left unspecified, a DHCP/IPv6 SLAAC provided value is used or the
           MTU is not reconfigured during activation.

       ethernet.wake-on-lan

       infiniband.mtu
           If configured explicitly to 0, the MTU is not reconfigured during
           device activation unless it is required due to IPv6 constraints. If
           left unspecified, a DHCP/IPv6 SLAAC provided value is used or the
           MTU is left unspecified on activation.

       ip-tunnel.mtu
           If configured explicitly to 0, the MTU is not reconfigured during
           device activation unless it is required due to IPv6 constraints. If
           left unspecified, a DHCP/IPv6 SLAAC provided value is used or a
           default of 1500.

       ipv4.dad-timeout

       ipv4.dhcp-client-id

       ipv4.dhcp-timeout
           If left unspecified, the default value for the interface type is
           used.

       ipv4.route-metric

       ipv4.route-table
           If left unspecified, routes are only added to the main table. Note
           that this is different from explicitly selecting the main table
           254, because of how NetworkManager removes extraneous routes from
           the tables.

       ipv6.dhcp-duid
           If left unspecified, it defaults to "lease".

       ipv6.dhcp-timeout
           If left unspecified, the default value for the interface type is
           used.

       ipv6.ip6-privacy
           If ipv6.ip6-privacy is unset, use the content of
           "/proc/sys/net/ipv6/conf/default/use_tempaddr" as last fallback.

       ipv6.route-metric

       ipv6.route-table
           If left unspecified, routes are only added to the main table. Note
           that this is different from explicitly selecting the main table
           254, because of how NetworkManager removes extraneous routes from
           the tables.

       sriov.autoprobe-drivers
           If left unspecified, drivers are autoprobed when the SR-IOV VF gets
           created.

       vpn.timeout
           If left unspecified, a default value of 60 seconds is used.

       wifi.cloned-mac-address
           If left unspecified, it defaults to "preserve".

       wifi.generate-mac-address-mask

       wifi.mac-address-randomization
           If left unspecified, MAC address randomization is disabled. This
           setting is deprecated in favor of wifi.cloned-mac-address.

       wifi.mtu
           If configured explicitly to 0, the MTU is not reconfigured during
           device activation unless it is required due to IPv6 constraints. If
           left unspecified, a DHCP/IPv6 SLAAC provided value is used or a
           default of 1500.

       wifi.powersave
           If left unspecified, the default value "ignore" will be used.

       wifi-sec.pmf
           If left unspecified, the default value "optional" will be used.

       wifi-sec.fils
           If left unspecified, the default value "optional" will be used.

   Sections
       You can configure multiple connection sections, by having different
       sections whose names all start with "connection". Example:

           [connection]
           ipv6.ip6-privacy=0
           connection.autoconnect-slaves=1
           vpn.timeout=120

           [connection-wifi-wlan0]
           match-device=interface-name:wlan0
           ipv4.route-metric=50

           [connection-wifi-other]
           match-device=type:wifi
           ipv4.route-metric=55
           ipv6.ip6-privacy=1

       The sections within one file are considered in order of appearance,
       with the exception that the [connection] section is always considered
       last. In the example above, this order is [connection-wifi-wlan0],
       [connection-wifi-other], and [connection]. When checking for a default
       configuration value, the sections are searched until the requested
       value is found. In the example above, "ipv4.route-metric" for wlan0
       interface is set to 50, and for all other Wi-Fi typed interfaces to 55.
       Also, Wi-Fi devices would have IPv6 private addresses enabled by
       default, but other devices would have it disabled. Note that "wlan0"
       also gets "ipv6.ip6-privacy=1", because although the section
       "[connection-wifi-wlan0]" matches the device, it does not contain that
       property and the search continues.

       When having different sections in multiple files, sections from files
       that are read later have higher priority. So within one file the
       priority of the sections is top-to-bottom. Across multiple files later
       definitions take precedence.

       The following properties further control how a connection section
       applies.

       match-device
           An optional device spec that restricts when the section applies.
           See the section called “Device List Format” for the possible
           values.

       stop-match
           An optional boolean value which defaults to no. If the section
           matches (based on match-device), further sections will not be
           considered even if the property in question is not present. In the
           example above, if [connection-wifi-wlan0] would have stop-match set
           to yes, the device wlan0 would have ipv6.ip6-privacy property
           unspecified. That is, the search for the property would not
           continue in the connection sections [connection-wifi-other] or
           [connection].
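
       The default-value search described under Sections and stop-match, run
       against the example above, as an added Python example (not
       NetworkManager's own code). spec_matches() handles only the "*",
       interface-name:, type: and mac: forms that appear on this page, the
       device dictionaries are constructed, the accepted boolean spellings
       are an assumption, and a single file is assumed.

```python
import configparser
import re

# The example from the "Sections" text, reproduced as input.
PAGE_EXAMPLE = """\
[connection]
ipv6.ip6-privacy=0
connection.autoconnect-slaves=1
vpn.timeout=120

[connection-wifi-wlan0]
match-device=interface-name:wlan0
ipv4.route-metric=50

[connection-wifi-other]
match-device=type:wifi
ipv4.route-metric=55
ipv6.ip6-privacy=1
"""

TRUE_WORDS = {"yes", "true", "1", "on"}  # assumption: accepted boolean spellings


def ordered_sections(text):
    """Connection sections in search order: file order, plain [connection] last."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    names = [s for s in cp.sections() if s.startswith("connection")]
    names.sort(key=lambda s: s == "connection")  # stable sort keeps file order
    return [(name, dict(cp[name])) for name in names]


def spec_matches(spec, device):
    """Match a device against the spec forms shown on this page only."""
    if spec is None:
        return True  # no match-device key: the section applies to every device
    for item in re.split(r"[;,]", spec):
        item = item.strip()
        if item == "*":
            return True
        kind, _, value = item.partition(":")
        if kind == "interface-name":
            hit = value == device.get("iface")
        elif kind == "type":
            hit = value == device.get("type")
        elif kind == "mac":
            hit = value.lower() == device.get("mac", "").lower()
        else:
            # Other forms belong to "Device List Format", not implemented here.
            raise ValueError(f"unsupported device spec: {item!r}")
        if hit:
            return True
    return False


def lookup(sections, device, prop):
    """Return (value, section); value is None when the property stays unspecified."""
    for name, keys in sections:
        if not spec_matches(keys.get("match-device"), device):
            continue
        if prop in keys:
            return keys[prop], name
        if keys.get("stop-match", "no").lower() in TRUE_WORDS:
            return None, name  # search ends here even though prop was not found
    return None, None


if __name__ == "__main__":
    sections = ordered_sections(PAGE_EXAMPLE)
    wlan0 = {"iface": "wlan0", "type": "wifi"}  # constructed device records
    eth0 = {"iface": "eth0", "type": "ethernet"}
    for dev in (wlan0, eth0):
        for prop in ("ipv4.route-metric", "ipv6.ip6-privacy"):
            print(dev["iface"], prop, lookup(sections, dev, prop))
```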

DEVICE SECTION

608       Contains per-device persistent configuration.
609
610       Example:
611
612           [device]
613           match-device=interface-name:eth3
614           managed=1
615
616
617   Supported Properties
618       The following properties can be configured per-device.
619
620       managed
621           Whether the device is managed or not. A device can be marked as
622           managed via udev rules (ENV{NM_UNMANAGED}), or via setting plugins
623           (keyfile.unmanaged-devices). This is yet another way. Note that
624           this configuration can be overruled at runtime via D-Bus. Also, it
625           has higher priority then udev rules.
626
627       carrier-wait-timeout
628           Specify the timeout for waiting for carrier in milliseconds. When
629           the device loses carrier, NetworkManager does not react
630           immediately. Instead, it waits for this timeout before considering
631           the link lost. Also, on startup, NetworkManager considers the
632           device as busy for this time, as long as the device has no carrier.
633           This delays startup-complete signal and NetworkManager-wait-online.
634           Configuring this too high means to block NetworkManager-wait-online
635           longer then necessary. Configuring it too low, means that
636           NetworkManager will declare startup-complete, although carrier is
637           about to come and auto-activation to kick in. The default is 5000
638           milliseconds.
639
640       ignore-carrier
641           Specify devices for which NetworkManager will (partially) ignore
642           the carrier state. Normally, for device types that support
643           carrier-detect, such as Ethernet and InfiniBand, NetworkManager
644           will only allow a connection to be activated on the device if
645           carrier is present (i.e., a cable is plugged in), and it will
646           deactivate the device if carrier drops for more than a few seconds.
647
648           A device with carrier ignored will allow activating connections on
649           that device even when it does not have carrier, provided that the
650           connection uses only statically-configured IP addresses.
651           Additionally, it will allow any active connection (whether static
652           or dynamic) to remain active on the device when carrier is lost.
653
654           Note that the "carrier" property of NMDevices and device D-Bus
655           interfaces will still reflect the actual device state; it's just
656           that NetworkManager will not make use of that information.
657
658           Master types like bond, bridge and team ignore carrier by default,
659           while other device types react on carrier changes by default.
660
661           This setting overwrites the deprecated main.ignore-carrier setting
662           above.
663
664       wifi.scan-rand-mac-address
665           Configures MAC address randomization of a Wi-Fi device during
666           scanning. This defaults to yes in which case a random,
667           locally-administered MAC address will be used. The setting
668           wifi.scan-generate-mac-address-mask can be used to make the
669           generated MAC address use certain vendor OUIs. If disabled, the
670           MAC address during scanning is left unchanged to whatever is
671           configured. For the configured MAC address while the device is
672           associated, see instead the per-connection setting
673           wifi.cloned-mac-address.
674
675       wifi.backend
676           Specify the Wi-Fi backend used for the device. Currently supported
677           are wpa_supplicant and iwd (experimental).
678
679       wifi.scan-generate-mac-address-mask
680           Like the per-connection settings ethernet.generate-mac-address-mask
681           and wifi.generate-mac-address-mask, this configures the
682           generated MAC addresses during scanning. See nm-settings(5) for
683           details.
684
685       sriov-num-vfs
686           Specify the number of virtual functions (VF) to enable for a PCI
687           physical device that supports single-root I/O virtualization
688           (SR-IOV).
689
690   Sections
691       The [device] section works the same as the [connection] section. That
692       is, multiple sections that all start with the prefix "device" can be
693       specified. The settings "match-device" and "stop-match" are available
694       to match a device section on a device. The order of multiple sections
695       is also top-down within the file and later files overwrite previous
696       settings. See “Sections” under the section called “CONNECTION SECTION”
697       for details.
698

CONNECTIVITY SECTION

700       This section controls NetworkManager's optional connectivity checking
701       functionality. This allows NetworkManager to detect whether or not the
702       system can actually access the internet or whether it is behind a
703       captive portal.
704
705       uri
706           The URI of a web page to periodically request when connectivity is
707           being checked. This page should return the header
708           "X-NetworkManager-Status" with a value of "online". Alternatively,
709           its body content should be set to "NetworkManager is online". The
710           body content check can be controlled by the response option. If
711           this option is blank or missing, connectivity checking is disabled.
712
713       interval
714           Specified in seconds; controls how often connectivity is checked
715           when a network connection exists. If set to 0 connectivity checking
716           is disabled. If missing, the default is 300 seconds.
717
718       response
719           If set, controls what body content NetworkManager checks for when
720           requesting the URI for connectivity checking. If missing, defaults
721           to "NetworkManager is online".
722

GLOBAL-DNS SECTION

724       This section specifies global DNS settings that override
725       connection-specific configuration.
726
727       searches
728           A list of search domains to be used during hostname lookup.
729
730       options
731           A list of options to be passed to the hostname resolver.
732

GLOBAL-DNS-DOMAIN SECTIONS

734       Sections with a name starting with the "global-dns-domain-" prefix
735       allow defining global DNS configuration for specific domains. The part
736       of the section name after "global-dns-domain-" specifies the domain name a
737       section applies to. More specific domains take precedence over less
738       specific ones and the default domain is represented by the wildcard
739       "*". A default domain section is mandatory.
740
741       servers
742           A list of addresses of DNS servers to be used for the given domain.
743
744       options
745           A list of domain-specific DNS options. Not used at the moment.
746

.CONFIG SECTIONS

748       This is a special section that contains options which apply to the
749       configuration file that contains the option.
750
751       enable
752           Defaults to "true". If "false", the configuration file will be
753           skipped during loading. Note that the main configuration file
754           NetworkManager.conf cannot be disabled.
755
756               # always skip loading the config file
757               [.config]
758               enable=false
759
760           You can also match against the version of NetworkManager. For
761           example the following are valid configurations:
762
763               # only load on version 1.0.6
764               [.config]
765               enable=nm-version:1.0.6
766
767               # load on all versions 1.0.x, but not 1.2.x
768               [.config]
769               enable=nm-version:1.0
770
771               # only load on versions >= 1.1.6. This does not match
772               # with version 1.2.0 or 1.4.4. Only the last digit is considered.
773               [.config]
774               enable=nm-version-min:1.1.6
775
776               # only load on versions >= 1.2. Contrary to the previous
777               # example, this also matches with 1.2.0, 1.2.10, 1.4.4, etc.
778               [.config]
779               enable=nm-version-min:1.2
780
781               # Match against the maximum allowed version. The example matches
782               # versions 1.2.0, 1.2.2, 1.2.4. Again, only the last version digit
783               # is allowed to be smaller. So this would not match on 1.1.10.
784               [.config]
785               enable=nm-version-max:1.2.6
786
787           You can also match against the value of the environment variable
788           NM_CONFIG_ENABLE_TAG, like:
789
790               # always skip loading the file when running NetworkManager with
791               # environment variable "NM_CONFIG_ENABLE_TAG=TAG1"
792               [.config]
793               enable=env:TAG1
794
795           More than one match can be specified. The configuration will be
796           enabled if one of the predicates matches ("or"). The special prefix
797           "except:" can be used to negate the match. Note that if one
798           except-predicate matches, the entire configuration will be
799           disabled. In other words, an except predicate always wins over other
800           predicates. If the setting only consists of "except:" matches and
801           none of the negative conditions are satisfied, the configuration is
802           still enabled.
803
804               # enable the configuration either when the environment variable
805               # is present or the version is at least 1.2.0.
806               [.config]
807               enable=env:TAG2,nm-version-min:1.2
808
809               # enable the configuration for version >= 1.2.0, but disable
810               # it when the environment variable is set to "TAG3"
811               [.config]
812               enable=except:env:TAG3,nm-version-min:1.2
813
814               # enable the configuration on >= 1.3, >= 1.2.6, and >= 1.0.16.
815               # Useful if a certain feature is only present since those releases.
816               [.config]
817               enable=nm-version-min:1.3,nm-version-min:1.2.6,nm-version-min:1.0.16
818
819

PLUGINS

821       Settings plugins for reading and writing connection profiles. The
822       number of available plugins is distribution specific.
823
824       keyfile
825           The keyfile plugin is the generic plugin that supports all the
826           connection types and capabilities that NetworkManager has. It
827           writes files out in an .ini-style format in
828           /etc/NetworkManager/system-connections. See nm-settings-keyfile(5)
829           for details about the file format.
830
831           The stored connection file may contain passwords, secrets and
832           private keys in plain text, so it will be made readable only to
833           root, and the plugin will ignore files that are readable or
834           writable by any user or group other than root. See "Secret flag
835           types" in nm-settings(5) for how to avoid storing passwords in
836           plain text.
837
838           This plugin is always active, and will automatically be used to
839           store any connections that aren't supported by any other active
840           plugin.
841
842       ifcfg-rh
843           This plugin is used on the Fedora and Red Hat Enterprise Linux
844           distributions to read and write configuration from the standard
845           /etc/sysconfig/network-scripts/ifcfg-* files. It currently supports
846           reading Ethernet, Wi-Fi, InfiniBand, VLAN, Bond, Bridge, and Team
847           connections. Enabling ifcfg-rh implicitly enables the ibft plugin, if
848           it is available. This can be disabled by adding no-ibft. See
849           /usr/share/doc/initscripts/sysconfig.txt and
850           nm-settings-ifcfg-rh(5) for more information about the ifcfg file format.
851
852       ifupdown
853           This plugin is used on the Debian and Ubuntu distributions, and
854           reads Ethernet and Wi-Fi connections from /etc/network/interfaces.
855
856           This plugin is read-only; any connections (of any type) added from
857           within NetworkManager when you are using this plugin will be saved
858           using the keyfile plugin instead.
859
860       ibft, no-ibft
861           This plugin reads iBFT configuration (iSCSI Boot Firmware
862           Table). The configuration is read using /sbin/iscsiadm. Users are
863           expected to configure iBFT connections via the firmware interfaces.
864           If ibft support is available, it is automatically enabled after
865           ifcfg-rh. This can be disabled by no-ibft. You can also explicitly
866           specify ibft to load the plugin without ifcfg-rh or to change the
867           plugin order.
868
869           Note that the ibft plugin uses /sbin/iscsiadm and thus requires
870           the CAP_SYS_ADMIN capability.
871
872       ifcfg-suse, ifnet
873           These plugins are deprecated and their selection has no effect. The
874           keyfile plugin should be used instead.
875
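
An audit for the keyfile rule above (stored profiles may hold secrets in plain text and must be accessible to root only), as an added Python example that is not part of NetworkManager. It flags any group or other permission bit, which is at least as strict as the rule stated in the keyfile entry; `keyfile_problems` and `audit_directory` are hypothetical names, and `owner_uid` exists only so the check can be exercised without root.

```python
import os
import stat

def keyfile_problems(path, owner_uid=0):
    """List the reasons a connection file fails the root-only rule."""
    st = os.lstat(path)                       # lstat: do not follow symlinks
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != owner_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    extra = stat.S_IMODE(st.st_mode) & 0o077  # any group/other bit
    if extra:
        problems.append(f"group/other permission bits set: {extra:03o}")
    return problems

def audit_directory(directory="/etc/NetworkManager/system-connections", owner_uid=0):
    """Map each offending file in the directory to its list of problems."""
    report = {}
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        problems = keyfile_problems(path, owner_uid)
        if problems:
            report[path] = problems
    return report

if __name__ == "__main__":
    for path, problems in audit_directory().items():
        print(f"{path}: {'; '.join(problems)}")
```

A file reported here is both a secret-exposure risk and, per the keyfile description, a profile the plugin will ignore.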

APPENDIX

877   Device List Format
878       The configuration options main.no-auto-default, main.ignore-carrier,
879       keyfile.unmanaged-devices, connection*.match-device and
880       device*.match-device select devices based on a list of matchings.
881       Devices can be specified using the following format:
882
883       *
884           Matches every device.
885
886       IFNAME
887           Case sensitive match of interface name of the device. Globbing is
888           not supported.
889
890       HWADDR
891           Match the permanent MAC address of the device. Globbing is not
892           supported.
893
894       interface-name:IFNAME, interface-name:~IFNAME
895           Case sensitive match of interface name of the device. Simple
896           globbing is supported with * and ?. Ranges and escaping are not
897           supported.
898
899       interface-name:=IFNAME
900           Case sensitive match of interface name of the device. Globbing is
901           disabled and IFNAME is taken literally.
902
903       mac:HWADDR
904           Match the permanent MAC address of the device. Globbing is not
905           supported.
906
907       s390-subchannels:HWADDR
908           Match the device based on the subchannel address. Globbing is not
909           supported.
910
911       type:TYPE
912           Match the device type. Valid type names are as reported by "nmcli
913           -f GENERAL.TYPE device show". Globbing is not supported.
914
915       driver:DRIVER
916           Match the device driver as reported by "nmcli -f
917           GENERAL.DRIVER,GENERAL.DRIVER-VERSION device show". "DRIVER" must
918           match the driver name exactly and does not support globbing.
919           Optionally, a driver version may be specified separated by '/'.
920           Globbing is supported for the version.
921
922       dhcp-plugin:DHCP
923           Match the configured DHCP plugin "main.dhcp".
924
925       except:SPEC
926           Negative match of a device.  SPEC must be explicitly qualified with
927           a prefix such as interface-name:. A negative match has higher
928           priority than the positive matches above.
929
930           If a list consists only of negative matches, the behavior is the
931           same as if it also contained match-all. That is, if none of the
932           negative matches is satisfied, the overall result is still a
933           positive match. For example, "except:interface-name:eth0" is the
934           same as "*,except:interface-name:eth0".
935
936       SPEC[,;]SPEC
937           Multiple specs can be concatenated with commas or semicolons. The
938           order does not matter as matches are either inclusive or negative
939           (except:), with negative matches having higher priority.
940
941           Backslash is supported to escape the separators ';' and ',', and to
942           express special characters such as newline ('\n'), tabulator
943           ('\t'), whitespace ('\s') and backslash ('\\'). The globbing of
944           interface names cannot be escaped. Whitespace is not a separator
945           but will be trimmed between two specs (unless escaped as '\s').
946
947       Example:
948
949           interface-name:em4
950           mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth2
951           interface-name:vboxnet*,except:interface-name:vboxnet2
952           *,except:mac:00:22:68:1c:59:b1
953
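
The matching rules of the device list format, as an added Python example (not NetworkManager's parser). It covers `*`, bare IFNAME and HWADDR, interface-name:, mac:, type:, except: and the separator and escape rules, and leaves out driver:, dhcp-plugin: and s390-subchannels:. Assumptions: the device is a dict with hypothetical keys `ifname`, `mac` and `type`, MAC addresses compare case-insensitively, and an escaped character not listed above stands for itself.

```python
import re

_ESCAPES = {"n": "\n", "t": "\t", "s": " "}   # any other escaped char is kept as-is
_MAC = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")

def split_specs(text):
    """Split on unescaped ',' or ';', trim unescaped whitespace, decode escapes."""
    specs, cur = [], []
    for tok in re.findall(r"\\.|.", text, re.S) + [","]:   # escape pairs stay one token
        if tok not in (",", ";"):
            cur.append(tok)
            continue
        while cur and cur[0].isspace():        # '\s' is two chars, so it survives
            cur.pop(0)
        while cur and cur[-1].isspace():
            cur.pop()
        if cur:
            specs.append("".join(_ESCAPES.get(t[1], t[1]) if len(t) == 2 else t for t in cur))
        cur = []
    return specs

def _glob(pattern, name):
    # Only '*' and '?' are special: no ranges, no escaping.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, name) is not None

def _match_one(spec, dev):
    if spec == "*":
        return True
    key, sep, arg = spec.partition(":")
    if not sep:
        return spec == dev["ifname"]           # bare IFNAME: literal, no globbing
    if _MAC.fullmatch(spec):                   # bare HWADDR
        key, arg = "mac", spec
    if key == "interface-name":
        if arg.startswith("="):
            return arg[1:] == dev["ifname"]    # '=' takes IFNAME literally
        return _glob(arg[1:] if arg.startswith("~") else arg, dev["ifname"])
    if key == "mac":
        return arg.lower() == dev["mac"].lower()
    if key == "type":
        return arg == dev["type"]
    raise NotImplementedError(spec)            # match kinds left out of this example

def device_matches(spec_list, dev):
    specs = split_specs(spec_list)
    negative = [s[len("except:"):] for s in specs if s.startswith("except:")]
    positive = [s for s in specs if not s.startswith("except:")]
    if any(_match_one(s, dev) for s in negative):
        return False                           # an except: hit always wins
    if not positive:
        return bool(negative)                  # only negatives act like "*,except:..."
    return any(_match_one(s, dev) for s in positive)
```

Checking a planned keyfile.unmanaged-devices or match-device value against the devices on a host this way catches the common mistake of expecting a bare `eth*` to glob.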
954

SEE ALSO

956       NetworkManager(8), nmcli(1), nmcli-examples(7), nm-online(1),
957       nm-settings(5), nm-applet(1), nm-connection-editor(1)
958
959
960
961NetworkManager 1.14.0                                   NETWORKMANAGER.CONF(5)