1NETWORKMANAGER.CONF(5) Configuration NETWORKMANAGER.CONF(5)
2
6 NetworkManager.conf - NetworkManager configuration file
7
9 /etc/NetworkManager/NetworkManager.conf,
10 /etc/NetworkManager/conf.d/name.conf,
11 /run/NetworkManager/conf.d/name.conf,
12 /usr/lib/NetworkManager/conf.d/name.conf,
13 /var/lib/NetworkManager/NetworkManager-intern.conf
14
16 NetworkManager.conf is the configuration file for NetworkManager. It is
17 used to set up various aspects of NetworkManager's behavior. The
18 location of the main file and configuration directories may be changed
19 through use of the --config, --config-dir, --system-config-dir, and
20 --intern-config argument for NetworkManager, respectively.
21 If a default NetworkManager.conf is provided by your distribution's
23 packages, you should not modify it, since your changes may get
24 overwritten by package updates. Instead, you can add additional .conf
25 files to the /etc/NetworkManager/conf.d directory. These will be read
26 in order, with later files overriding earlier ones. Packages might
27 install further configuration snippets to
28 /usr/lib/NetworkManager/conf.d. This directory is parsed first, even
29 before NetworkManager.conf. Scripts can also put per-boot configuration
30 into /run/NetworkManager/conf.d. This directory is parsed second, also
31 before NetworkManager.conf. The loading of a file
32 /run/NetworkManager/conf.d/name.conf can be prevented by adding a file
33 /etc/NetworkManager/conf.d/name.conf. Likewise, a file
34 /usr/lib/NetworkManager/conf.d/name.conf can be shadowed by putting a
35 file of the same name to either /etc/NetworkManager/conf.d or
36 /run/NetworkManager/conf.d.
37 NetworkManager can overwrite certain user configuration options via
39 D-Bus or other internal operations. In this case it writes those
40 changes to /var/lib/NetworkManager/NetworkManager-intern.conf. This
41 file is not intended to be modified by the user, but it is read last
42 and can shadow user configuration from NetworkManager.conf.
43 Certain settings from the configuration can be reloaded at runtime
45 either by sending SIGHUP signal or via D-Bus' Reload call.
46
48 The configuration file format is so-called key file (sort of ini-style
49 format). It consists of sections (groups) of key-value pairs. Lines
50 beginning with a '#' and blank lines are considered comments. Sections
51 are started by a header line containing the section enclosed in '[' and
52 ']', and ended implicitly by the start of the next section or the end
53 of the file. Each key-value pair must be contained in a section.
54 For keys that take a list of devices as their value, you can specify
56 devices by their MAC addresses or interface names, or "*" to specify
57 all devices. See the section called “Device List Format” below.
58 Minimal system settings configuration file looks like this:
60 [main]
62 plugins=keyfile
63 As an extension to the normal keyfile format, you can also append a
65 value to a previously-set list-valued key by doing:
66 plugins+=another-plugin
68 plugins-=remove-me
69
72 plugins
73 Lists system settings plugin names separated by ','. These plugins
74 are used to read and write system-wide connection profiles. When
75 multiple plugins are specified, the connections are read from all
76 listed plugins. When writing connections, the plugins will be asked
77 to save the connection in the order listed here; if the first
78 plugin cannot write out that connection type (or can't write out
79 any connections) the next plugin is tried, etc. If none of the
80 plugins can save the connection, an error is returned to the user.
81 The default value and the number of available plugins is
83 distro-specific. See the section called “PLUGINS” below for the
84 available plugins. Note that NetworkManager's native keyfile plugin
85 is always appended to the end of this list (if it doesn't already
86 appear earlier in the list).
87 monitor-connection-files
89 Whether the configured settings plugin(s) should set up file
90 monitors and immediately pick up changes made to connection files
91 while NetworkManager is running. This is disabled by default;
92 NetworkManager will only read the connection files at startup, and
93 when explicitly requested via the ReloadConnections D-Bus call. If
94 this key is set to 'true', then NetworkManager will reload
95 connection files any time they changed. Automatic reloading is not
96 advised because there are race conditions involved and it depends
97 on the way how the editor updates the file. In some situations,
98 NetworkManager might first delete and add the connection anew,
99 instead of updating the existing one. Also, NetworkManager might
100 pick up incomplete settings while the user is still editing the
101 files.
102 auth-polkit
104 Whether the system uses PolicyKit for authorization. If false, all
105 requests will be allowed. If true, non-root requests are authorized
106 using PolicyKit. The default value is true.
107 dhcp
109 This key sets up what DHCP client NetworkManager will use. Allowed
110 values are dhclient, dhcpcd, and internal. The dhclient and dhcpcd
111 options require the indicated clients to be installed. The internal
112 option uses a built-in DHCP client which is not currently as
113 featureful as the external clients.
114 If this key is missing, it defaults to dhclient. It the chosen
116 plugin is not available, clients are looked for in this order:
117 dhclient, dhcpcd, internal.
118 no-auto-default
120 Specify devices for which NetworkManager shouldn't create default
121 wired connection (Auto eth0). By default, NetworkManager creates a
122 temporary wired connection for any Ethernet device that is managed
123 and doesn't have a connection configured. List a device in this
124 option to inhibit creating the default connection for the device.
125 May have the special value * to apply to all devices.
126 When the default wired connection is deleted or saved to a new
128 persistent connection by a plugin, the device is added to a list in
129 the file /run/NetworkManager/no-auto-default.state to prevent
130 creating the default connection for that device again.
131 See the section called “Device List Format” for the syntax how to
133 specify a device.
134 Example:
136 no-auto-default=00:22:68:5c:5d:c4,00:1e:65:ff:aa:ee
138 no-auto-default=eth0,eth1
139 no-auto-default=*
140 ignore-carrier
143 This setting is deprecated for the per-device setting
144 ignore-carrier which overwrites this setting if specified (See
145 ignore-carrier). Otherwise, it is a list of matches to specify for
146 which device carrier should be ignored. See the section called
147 “Device List Format” for the syntax how to specify a device. Note
148 that master types like bond, bridge, and team ignore carrier by
149 default. You can however revert that default using the "except:"
150 specifier (or better, use the per-device setting instead of the
151 deprecated setting).
152 assume-ipv6ll-only
154 Specify devices for which NetworkManager will try to generate a
155 connection based on initial configuration when the device only has
156 an IPv6 link-local address.
157 See the section called “Device List Format” for the syntax how to
159 specify a device.
160 configure-and-quit
162 When set to 'true', NetworkManager quits after performing initial
163 network configuration but spawns small helpers to preserve DHCP
164 leases and IPv6 addresses. This is useful in environments where
165 network setup is more or less static or it is desirable to save
166 process time but still handle some dynamic configurations. When
167 this option is true, network configuration for WiFi, WWAN,
168 Bluetooth, ADSL, and PPPoE interfaces cannot be preserved due to
169 their use of external services, and these devices will be
170 deconfigured when NetworkManager quits even though other
171 interface's configuration may be preserved. Also, to preserve DHCP
172 addresses the 'dhcp' option must be set to 'internal'. The default
173 value of the 'configure-and-quit' option is 'false', meaning that
174 NetworkManager will continue running after initial network
175 configuration and continue responding to system and hardware
176 events, D-Bus requests, and user commands.
177 hostname-mode
179 Set the management mode of the hostname. This parameter will affect
180 only the transient hostname. If a valid static hostname is set,
181 NetworkManager will skip the update of the hostname despite the
182 value of this option. An hostname empty or equal to 'localhost',
183 'localhost6', 'localhost.localdomain' or 'localhost6.localdomain'
184 is considered invalid.
185 default: NetworkManager will update the hostname with the one
187 provided via DHCP on the main connection (the one with a default
188 route). If not present, the hostname will be updated to the last
189 one set outside NetworkManager. If it is not valid, NetworkManager
190 will try to recover the hostname from the reverse lookup of the IP
191 address of the main connection. If this fails too, the hostname
192 will be set to 'localhost.localdomain'.
193 dhcp: NetworkManager will update the transient hostname only with
195 information coming from DHCP. No fallback nor reverse lookup will
196 be performed, but when the dhcp connection providing the hostname
197 is deactivated, the hostname is reset to the last hostname set
198 outside NetworkManager or 'localhost' if none valid is there.
199 none: NetworkManager will not manage the transient hostname and
201 will never set it.
202 dns
204 Set the DNS (resolv.conf) processing mode. If the key is
205 unspecified, default is used, unless /etc/resolv.conf is a symlink
206 to /run/systemd/resolve/stub-resolv.conf,
207 /run/systemd/resolve/resolv.conf, /lib/systemd/resolv.conf or
208 /usr/lib/systemd/resolv.conf. In that case, systemd-resolved is
209 chosen automatically.
210 default: NetworkManager will update /etc/resolv.conf to reflect the
212 nameservers provided by currently active connections.
213 dnsmasq: NetworkManager will run dnsmasq as a local caching
215 nameserver, using a "split DNS" configuration if you are connected
216 to a VPN, and then update resolv.conf to point to the local
217 nameserver. It is possible to pass custom options to the dnsmasq
218 instance by adding them to files in the
219 "/etc/NetworkManager/dnsmasq.d/" directory. Note that when multiple
220 upstream servers are available, dnsmasq will initially contact them
221 in parallel and then use the fastest to respond, probing again
222 other servers after some time. This behavior can be modified
223 passing the 'all-servers' or 'strict-order' options to dnsmasq (see
224 the manual page for more details).
225 unbound: NetworkManager will talk to unbound and dnssec-triggerd,
227 providing a "split DNS" configuration with DNSSEC support.
228 /etc/resolv.conf will be managed by dnssec-trigger daemon.
229 systemd-resolved: NetworkManager will push the DNS configuration to
231 systemd-resolved
232 none: NetworkManager will not modify resolv.conf. This implies
234 rc-manager unmanaged
235 rc-manager
237 Set the resolv.conf management mode. The default value depends on
238 NetworkManager build options, and this version of NetworkManager
239 was build with a default of "file". Regardless of this setting,
240 NetworkManager will always write resolv.conf to its runtime state
241 directory /var/run/NetworkManager/resolv.conf.
242 symlink: If /etc/resolv.conf is a regular file, NetworkManager will
244 replace the file on update. If /etc/resolv.conf is instead a
245 symlink, NetworkManager will leave it alone. Unless the symlink
246 points to the internal file /var/run/NetworkManager/resolv.conf, in
247 which case the symlink will be updated to emit an inotify
248 notification. This allows the user to conveniently instruct
249 NetworkManager not to manage /etc/resolv.conf by replacing it with
250 a symlink.
251 file: NetworkManager will write /etc/resolv.conf as file. If it
253 finds a symlink to an existing target, it will follow the symlink
254 and update the target instead. In no case will an existing symlink
255 be replaced by a file. Note that older versions of NetworkManager
256 behaved differently and would replace dangling symlinks with a
257 plain file.
258 resolvconf: NetworkManager will run resolvconf to update the DNS
260 configuration.
261 netconfig: NetworkManager will run netconfig to update the DNS
263 configuration.
264 unmanaged: don't touch /etc/resolv.conf.
266 none: deprecated alias for symlink.
268 debug
270 Comma separated list of options to aid debugging. This value will
271 be combined with the environment variable NM_DEBUG. Currently the
272 following values are supported:
273 RLIMIT_CORE: set ulimit -c unlimited to write out core dumps.
275 Beware, that a core dump can contain sensitive information such as
276 passwords or configuration settings.
277 fatal-warnings: set g_log_set_always_fatal() to core dump on
279 warning messages from glib. This is equivalent to the
280 --g-fatal-warnings command line option.
281 autoconnect-retries-default
283 The number of times a connection activation should be automatically
284 tried before switching to another one. This value applies only to
285 connections that can auto-connect and have a
286 connection.autoconnect-retries property set to -1. If not
287 specified, connections will be tried 4 times. Setting this value to
288 1 means to try activation once, without retry.
289 slaves-order
291 This key specifies in which order slave connections are
292 auto-activated on boot or when the master activates them. Allowed
293 values are name (order connection by interface name, the default),
294 or index (order slaves by their kernel index).
295
297 This section contains keyfile-plugin-specific options, and is normally
298 only used when you are not using any other distro-specific plugin.
299 hostname
301 This key is deprecated and has no effect since the hostname is now
302 stored in /etc/hostname or other system configuration files
303 according to build options.
304 path
306 The location where keyfiles are read and stored. This defaults to
307 "/etc/NetworkManager/system-connections".
308 unmanaged-devices
310 Set devices that should be ignored by NetworkManager.
311 See the section called “Device List Format” for the syntax how to
313 specify a device.
314 Example:
316 unmanaged-devices=interface-name:em4
318 unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth2
319
322 This section contains ifupdown-specific options and thus only has
323 effect when using the ifupdown plugin.
324 managed
326 If set to true, then interfaces listed in /etc/network/interfaces
327 are managed by NetworkManager. If set to false, then any interface
328 listed in /etc/network/interfaces will be ignored by
329 NetworkManager. Remember that NetworkManager controls the default
330 route, so because the interface is ignored, NetworkManager may
331 assign the default route to some other interface.
332 The default value is false.
334
336 This section controls NetworkManager's logging. Any settings here are
337 overridden by the --log-level and --log-domains command-line options.
338 level
340 The default logging verbosity level. One of OFF, ERR, WARN, INFO,
341 DEBUG, TRACE. The ERR level logs only critical errors. WARN logs
342 warnings that may reflect operation. INFO logs various
343 informational messages that are useful for tracking state and
344 operations. DEBUG enables verbose logging for debugging purposes.
345 TRACE enables even more verbose logging then DEBUG level.
346 Subsequent levels also log all messages from earlier levels; thus
347 setting the log level to INFO also logs error and warning messages.
348 domains
350 The following log domains are available: PLATFORM, RFKILL, ETHER,
351 WIFI, BT, MB, DHCP4, DHCP6, PPP, WIFI_SCAN, IP4, IP6, AUTOIP4, DNS,
352 VPN, SHARING, SUPPLICANT, AGENTS, SETTINGS, SUSPEND, CORE, DEVICE,
353 OLPC, WIMAX, INFINIBAND, FIREWALL, ADSL, BOND, VLAN, BRIDGE,
354 DBUS_PROPS, TEAM, CONCHECK, DCB, DISPATCH, AUDIT, SYSTEMD,
355 VPN_PLUGIN, PROXY.
356 In addition, these special domains can be used: NONE, ALL, DEFAULT,
358 DHCP, IP.
359 You can specify per-domain log level overrides by adding a colon
361 and a log level to any domain. E.g., "WIFI:DEBUG,WIFI_SCAN:OFF".
362 Domain descriptions:
364 PLATFORM : OS (platform) operations
365 RFKILL : RFKill subsystem operations
366 ETHER : Ethernet device operations
367 WIFI : Wi-Fi device operations
368 BT : Bluetooth operations
369 MB : Mobile broadband operations
370 DHCP4 : DHCP for IPv4
371 DHCP6 : DHCP for IPv6
372 PPP : Point-to-point protocol operations
373 WIFI_SCAN : Wi-Fi scanning operations
374 IP4 : IPv4-related operations
375 IP6 : IPv6-related operations
376 AUTOIP4 : AutoIP operations
377 DNS : Domain Name System related operations
378 VPN : Virtual Private Network connections and
379 operations
380 SHARING : Connection sharing. With TRACE level log queries
381 for dnsmasq instance
382 SUPPLICANT : WPA supplicant related operations
383 AGENTS : Secret agents operations and communication
384 SETTINGS : Settings/config service operations
385 SUSPEND : Suspend/resume
386 CORE : Core daemon and policy operations
387 DEVICE : Activation and general interface operations
388 OLPC : OLPC Mesh device operations
389 WIMAX : WiMAX device operations
390 INFINIBAND : InfiniBand device operations
391 FIREWALL : FirewallD related operations
392 ADSL : ADSL device operations
393 BOND : Bonding operations
394 VLAN : VLAN operations
395 BRIDGE : Bridging operations
396 DBUS_PROPS : D-Bus property changes
397 TEAM : Teaming operations
398 CONCHECK : Connectivity check
399 DCB : Data Center Bridging (DCB) operations
400 DISPATCH : Dispatcher scripts
401 AUDIT : Audit records
402 SYSTEMD : Messages from internal libsystemd
403 VPN_PLUGIN : logging messages from VPN plugins
404 PROXY : logging messages for proxy handling
405 NONE : when given by itself logging is disabled
407 ALL : all log domains
408 DEFAULT : default log domains
409 DHCP : shortcut for "DHCP4,DHCP6"
410 IP : shortcut for "IP4,IP6"
411 HW : deprecated alias for "PLATFORM"
413 In general, the logfile should not contain passwords or private
415 data. However, you are always advised to check the file before
416 posting it online or attaching to a bug report. VPN_PLUGIN is
417 special as it might reveal private information of the VPN plugins
418 with verbose levels. Therefore this domain will be excluded when
419 setting ALL or DEFAULT to more verbose levels then INFO.
420 backend
422 The logging backend. Supported values are "syslog" and "journal".
423 When NetworkManager is started with "--debug" in addition all
424 messages will be printed to stderr. If unspecified, the default is
425 "syslog".
426 audit
428 Whether the audit records are delivered to auditd, the audit
429 daemon. If false, audit records will be sent only to the
430 NetworkManager logging system. If set to true, they will be also
431 sent to auditd. The default value is false.
432
434 Specify default values for connections.
435 Example:
437 [connection]
439 ipv6.ip6-privacy=0
440 Supported Properties
443 Not all properties can be overwritten, only the following properties
444 are supported to have their default values configured (see nm-
445 settings(5) for details). A default value is only consulted if the
446 corresponding per-connection value explicitly allows for that.
447 connection.auth-retries
449 If left unspecified, the default value is 3 tries before failing
450 the connection.
451 connection.autoconnect-slaves
453 connection.lldp
455 connection.mdns
457 connection.stable-id
459 ethernet.cloned-mac-address
461 If left unspecified, it defaults to "permanent".
462 ethernet.generate-mac-address-mask
464 ethernet.mtu
466 If configured explicitly to 0, the MTU is not reconfigured during
467 device activation unless it is required due to IPv6 constraints. If
468 left unspecified, a DHCP/IPv6 SLAAC provided value is used or the
469 MTU is not reconfigured during activation.
470 ethernet.wake-on-lan
472 infiniband.mtu
474 If configured explicitly to 0, the MTU is not reconfigured during
475 device activation unless it is required due to IPv6 constraints. If
476 left unspecified, a DHCP/IPv6 SLAAC provided value is used or the
477 MTU is left unspecified on activation.
478 ip-tunnel.mtu
480 If configured explicitly to 0, the MTU is not reconfigured during
481 device activation unless it is required due to IPv6 constraints. If
482 left unspecified, a DHCP/IPv6 SLAAC provided value is used or a
483 default of 1500.
484 ipv4.dad-timeout
486 ipv4.dhcp-client-id
488 ipv4.dhcp-timeout
490 If left unspecified, the default value for the interface type is
491 used.
492 ipv4.route-metric
494 ipv4.route-table
496 If left unspecified, routes are only added to the main table. Note
497 that this is different from explicitly selecting the main table
498 254, because of how NetworkManager removes extraneous routes from
499 the tables.
500 ipv6.dhcp-duid
502 If left unspecified, it defaults to "lease".
503 ipv6.dhcp-timeout
505 If left unspecified, the default value for the interface type is
506 used.
507 ipv6.ip6-privacy
509 If ipv6.ip6-privacy is unset, use the content of
510 "/proc/sys/net/ipv6/conf/default/use_tempaddr" as last fallback.
511 ipv6.route-metric
513 ipv6.route-table
515 If left unspecified, routes are only added to the main table. Note
516 that this is different from explicitly selecting the main table
517 254, because of how NetworkManager removes extraneous routes from
518 the tables.
519 vpn.timeout
521 If left unspecified, default value of 60 seconds is used.
522 wifi.cloned-mac-address
524 If left unspecified, it defaults to "permanent".
525 wifi.generate-mac-address-mask
527 wifi.mac-address-randomization
529 If left unspecified, MAC address randomization is disabled. This
530 setting is deprecated for wifi.cloned-mac-address.
531 wifi.mtu
533 If configured explicitly to 0, the MTU is not reconfigured during
534 device activation unless it is required due to IPv6 constraints. If
535 left unspecified, a DHCP/IPv6 SLAAC provided value is used or a
536 default of 1500.
537 wifi.powersave
539 If left unspecified, the default value "ignore" will be used.
540 wifi-sec.pmf
542 If left unspecified, the default value "optional" will be used.
543 wifi-sec.fils
545 If left unspecified, the default value "optional" will be used.
546 Sections
548 You can configure multiple connection sections, by having different
549 sections with a name that all start with "connection". Example:
550 [connection]
552 ipv6.ip6-privacy=0
553 connection.autoconnect-slaves=1
554 vpn.timeout=120
555 [connection-wifi-wlan0]
557 match-device=interface-name:wlan0
558 ipv4.route-metric=50
559 [connection-wifi-other]
561 match-device=type:wifi
562 ipv4.route-metric=55
563 ipv6.ip6-privacy=1
564 The sections within one file are considered in order of appearance,
566 with the exception that the [connection] section is always considered
567 last. In the example above, this order is [connection-wifi-wlan0],
568 [connection-wlan-other], and [connection]. When checking for a default
569 configuration value, the sections are searched until the requested
570 value is found. In the example above, "ipv4.route-metric" for wlan0
571 interface is set to 50, and for all other Wi-Fi typed interfaces to 55.
572 Also, Wi-Fi devices would have IPv6 private addresses enabled by
573 default, but other devices would have it disabled. Note that also
574 "wlan0" gets "ipv6.ip6-privacy=1", because although the section
575 "[connection-wifi-wlan0]" matches the device, it does not contain that
576 property and the search continues.
577 When having different sections in multiple files, sections from files
579 that are read later have higher priority. So within one file the
580 priority of the sections is top-to-bottom. Across multiple files later
581 definitions take precedence.
582 The following properties further control how a connection section
584 applies.
585 match-device
587 An optional device spec that restricts when the section applies.
588 See the section called “Device List Format” for the possible
589 values.
590 stop-match
592 An optional boolean value which defaults to no. If the section
593 matches (based on match-device), further sections will not be
594 considered even if the property in question is not present. In the
595 example above, if [connection-wifi-wlan0] would have stop-match set
596 to yes, the device wlan0 would have ipv6.ip6-privacy property
597 unspecified. That is, the search for the property would not
598 continue in the connection sections [connection-wifi-other] or
599 [connection].
600
602 Contains per-device persistent configuration.
603 Example:
605 [device]
607 match-device=interface-name:eth3
608 managed=1
609 Supported Properties
612 The following properties can be configured per-device.
613 managed
615 Whether the device is managed or not. A device can be marked as
616 managed via udev rules (ENV{NM_UNMANAGED}), or via setting plugins
617 (keyfile.unmanaged-devices). This is yet another way. Note that
618 this configuration can be overruled at runtime via D-Bus. Also, it
619 has higher priority then udev rules.
620 carrier-wait-timeout
622 Specify the timeout for waiting for carrier in milliseconds. When
623 the device loses carrier, NetworkManager does not react
624 immediately. Instead, it waits for this timeout before considering
625 the link lost. Also, on startup, NetworkManager considers the
626 device as busy for this time, as long as the device has no carrier.
627 This delays startup-complete signal and NetworkManager-wait-online.
628 Configuring this too high means to block NetworkManager-wait-online
629 longer then necessary. Configuring it too low, means that
630 NetworkManager will declare startup-complete, although carrier is
631 about to come and auto-activation to kick in. The default is 5000
632 milliseconds.
633 ignore-carrier
635 Specify devices for which NetworkManager will (partially) ignore
636 the carrier state. Normally, for device types that support
637 carrier-detect, such as Ethernet and InfiniBand, NetworkManager
638 will only allow a connection to be activated on the device if
639 carrier is present (ie, a cable is plugged in), and it will
640 deactivate the device if carrier drops for more than a few seconds.
641 A device with carrier ignored will allow activating connections on
643 that device even when it does not have carrier, provided that the
644 connection uses only statically-configured IP addresses.
645 Additionally, it will allow any active connection (whether static
646 or dynamic) to remain active on the device when carrier is lost.
647 Note that the "carrier" property of NMDevices and device D-Bus
649 interfaces will still reflect the actual device state; it's just
650 that NetworkManager will not make use of that information.
651 Master types like bond, bridge and team ignore carrier by default,
653 while other device types react on carrier changes by default.
654 This setting overwrites the deprecated main.ignore-carrier setting
656 above.
657 wifi.scan-rand-mac-address
659 Configures MAC address randomization of a Wi-Fi device during
660 scanning. This defaults to yes in which case a random,
661 locally-administered MAC address will be used. The setting
662 wifi.scan-generate-mac-address-mask allows to influence the
663 generated MAC address to use certain vendor OUIs. If disabled, the
664 MAC address during scanning is left unchanged to whatever is
665 configured. For the configured MAC address while the device is
666 associated, see instead the per-connection setting
667 wifi.cloned-mac-address.
668 wifi.backend
670 Specify the Wi-Fi backend used for the device. Currently supported
671 are wpa_supplicant and iwd (experimental).
672 wifi.scan-generate-mac-address-mask
674 Like the per-connection settings ethernet.generate-mac-address-mask
675 and wifi.generate-mac-address-mask, this allows to configure the
676 generated MAC addresses during scanning. See nm-settings(5) for
677 details.
678 sriov-num-vfs
680 Specify the number of virtual functions (VF) to enable for a PCI
681 physical device that supports single-root I/O virtualization
682 (SR-IOV).
683 Sections
685 The [device] section works the same as the [connection] section. That
686 is, multiple sections that all start with the prefix "device" can be
687 specified. The settings "match-device" and "stop-match" are available
688 to match a device section on a device. The order of multiple sections
689 is also top-down within the file and later files overwrite previous
690 settings. See “Sections” under the section called “CONNECTION SECTION”
691 for details.
692
694 This section controls NetworkManager's optional connectivity checking
695 functionality. This allows NetworkManager to detect whether or not the
696 system can actually access the internet or whether it is behind a
697 captive portal.
698 uri
700 The URI of a web page to periodically request when connectivity is
701 being checked. This page should return the header
702 "X-NetworkManager-Status" with a value of "online". Alternatively,
703 its body content should be set to "NetworkManager is online". The
704 body content check can be controlled by the response option. If
705 this option is blank or missing, connectivity checking is disabled.
706 interval
708 Specified in seconds; controls how often connectivity is checked
709 when a network connection exists. If set to 0 connectivity checking
710 is disabled. If missing, the default is 300 seconds.
711 response
713 If set controls what body content NetworkManager checks for when
714 requesting the URI for connectivity checking. If missing, defaults
715 to "NetworkManager is online"
716
718 This section specifies global DNS settings that override
719 connection-specific configuration.
720 searches
722 A list of search domains to be used during hostname lookup.
723 options
725 A list of of options to be passed to the hostname resolver.
726
728 Sections with a name starting with the "global-dns-domain-" prefix
729 allow to define global DNS configuration for specific domains. The part
730 of section name after "global-dns-domain-" specifies the domain name a
731 section applies to. More specific domains have the precedence over less
732 specific ones and the default domain is represented by the wildcard
733 "*". A default domain section is mandatory.
734 servers
736 A list of addresses of DNS servers to be used for the given domain.
737 options
739 A list of domain-specific DNS options. Not used at the moment.
740
742 This is a special section that contains options which apply to the
743 configuration file that contains the option.
744 enable
746 Defaults to "true". If "false", the configuration file will be
747 skipped during loading. Note that the main configuration file
748 NetworkManager.conf cannot be disabled.
749 # always skip loading the config file
751 [.config]
752 enable=false
753 You can also match against the version of NetworkManager. For
755 example the following are valid configurations:
756 # only load on version 1.0.6
758 [.config]
759 enable=nm-version:1.0.6
760 # load on all versions 1.0.x, but not 1.2.x
762 [.config]
763 enable=nm-version:1.0
764 # only load on versions >= 1.1.6. This does not match
766 # with version 1.2.0 or 1.4.4. Only the last digit is considered.
767 [.config]
768 enable=nm-version-min:1.1.6
769 # only load on versions >= 1.2. Contrary to the previous
771 # example, this also matches with 1.2.0, 1.2.10, 1.4.4, etc.
772 [.config]
773 enable=nm-version-min:1.2
774 # Match against the maximum allowed version. The example matches
776 # versions 1.2.0, 1.2.2, 1.2.4. Again, only the last version digit
777 # is allowed to be smaller. So this would not match match on 1.1.10.
778 [.config]
779 enable=nm-version-max:1.2.6
780 You can also match against the value of the environment variable
782 NM_CONFIG_ENABLE_TAG, like:
783 # always skip loading the file when running NetworkManager with
785 # environment variable "NM_CONFIG_ENABLE_TAG=TAG1"
786 [.config]
787 enable=env:TAG1
788 More then one match can be specified. The configuration will be
790 enabled if one of the predicates matches ("or"). The special prefix
791 "except:" can be used to negate the match. Note that if one
792 except-predicate matches, the entire configuration will be
793 disabled. In other words, a except predicate always wins over other
794 predicates.
795 # enable the configuration either when the environment variable
797 # is present or the version is at least 1.2.0.
798 [.config]
799 enable=env:TAG2,nm-version-min:1.2
800 # enable the configuration for version >= 1.2.0, but disable
802 # it when the environment variable is set to "TAG3"
803 [.config]
804 enable=except:env:TAG3,nm-version-min:1.2
805 # enable the configuration on >= 1.3, >= 1.2.6, and >= 1.0.16.
807 # Useful if a certain feature is only present since those releases.
808 [.config]
809 enable=nm-version-min:1.3,nm-version-min:1.2.6,nm-version-min:1.0.16
810
813 Settings plugins for reading and writing connection profiles. The
814 number of available plugins is distribution specific.
815 keyfile
817 The keyfile plugin is the generic plugin that supports all the
818 connection types and capabilities that NetworkManager has. It
819 writes files out in an .ini-style format in
820 /etc/NetworkManager/system-connections. See nm-settings-keyfile(5)
821 for details about the file format.
822 The stored connection file may contain passwords, secrets and
824 private keys in plain text, so it will be made readable only to
825 root, and the plugin will ignore files that are readable or
826 writable by any user or group other than root. See "Secret flag
827 types" in nm-settings(5) for how to avoid storing passwords in
828 plain text.
829 This plugin is always active, and will automatically be used to
831 store any connections that aren't supported by any other active
832 plugin.
833 ifcfg-rh
835 This plugin is used on the Fedora and Red Hat Enterprise Linux
836 distributions to read and write configuration from the standard
837 /etc/sysconfig/network-scripts/ifcfg-* files. It currently supports
838 reading Ethernet, Wi-Fi, InfiniBand, VLAN, Bond, Bridge, and Team
839 connections. Enabling ifcfg-rh implicitly enables ibft plugin, if
840 it is available. This can be disabled by adding no-ibft. See
841 /usr/share/doc/initscripts/sysconfig.txt and nm-settings-ifcfg-
842 rh(5) for more information about the ifcfg file format.
843 ifupdown
845 This plugin is used on the Debian and Ubuntu distributions, and
846 reads Ethernet and Wi-Fi connections from /etc/network/interfaces.
847 This plugin is read-only; any connections (of any type) added from
849 within NetworkManager when you are using this plugin will be saved
850 using the keyfile plugin instead.
851 ibft, no-ibft
853 This plugin allows to read iBFT configuration (iSCSI Boot Firmware
854 Table). The configuration is read using /sbin/iscsiadm. Users are
855 expected to configure iBFT connections via the firmware interfaces.
856 If ibft support is available, it is automatically enabled after
857 ifcfg-rh. This can be disabled by no-ibft. You can also explicitly
858 specify ibft to load the plugin without ifcfg-rh or to change the
859 plugin order.
860 Note that ibft plugin uses /sbin/iscsiadm and thus requires
862 CAP_SYS_ADMIN capability.
863 ifcfg-suse, ifnet
865 These plugins are deprecated and their selection has no effect. The
866 keyfile plugin should be used instead.
867
869 Device List Format
870 The configuration options main.no-auto-default, main.ignore-carrier,
871 keyfile.unmanaged-devices, connection*.match-device and
872 device*.match-device select devices based on a list of matchings.
873 Devices can be specified using the following format:
874 *
876 Matches every device.
877 IFNAME
879 Case sensitive match of interface name of the device. Globbing is
880 not supported.
881 HWADDR
883 Match the permanent MAC address of the device. Globbing is not
884 supported
885 interface-name:IFNAME, interface-name:~IFNAME
887 Case sensitive match of interface name of the device. Simple
888 globbing is supported with * and ?. Ranges and escaping is not
889 supported.
890 interface-name:=IFNAME
892 Case sensitive match of interface name of the device. Globbing is
893 disabled and IFNAME is taken literally.
894 mac:HWADDR
896 Match the permanent MAC address of the device. Globbing is not
897 supported
898 s390-subchannels:HWADDR
900 Match the device based on the subchannel address. Globbing is not
901 supported
902 type:TYPE
904 Match the device type. Valid type names are as reported by "nmcli
905 -f GENERAL.TYPE device show". Globbing is not supported.
906 driver:DRIVER
908 Match the device driver as reported by "nmcli -f
909 GENERAL.DRIVER,GENERAL.DRIVER-VERSION device show". "DRIVER" must
910 match the driver name exactly and does not support globbing.
911 Optionally, a driver version may be specified separated by '/'.
912 Globbing is supported for the version.
913 except:SPEC
915 Negative match of a device. SPEC must be explicitly qualified with
916 a prefix such as interface-name:. A negative match has higher
917 priority then the positive matches above.
918 SPEC[,;]SPEC
920 Multiple specs can be concatenated with commas or semicolons. The
921 order does not matter as matches are either inclusive or negative
922 (except:), with negative matches having higher priority.
923 Backslash is supported to escape the separators ';' and ',', and to
925 express special characters such as newline ('\n'), tabulator
926 ('\t'), whitespace ('\s') and backslash ('\\'). The globbing of
927 interface names cannot be escaped. Whitespace is not a separator
928 but will be trimmed between two specs (unless escaped as '\s').
929 Example:
931 interface-name:em4
933 mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth2
934 interface-name:vboxnet*,except:interface-name:vboxnet2
935 *,except:mac:00:22:68:1c:59:b1
936
939 NetworkManager(8), nmcli(1), nmcli-examples(7), nm-online(1), nm-
940 settings(5), nm-applet(1), nm-connection-editor(1)
941NetworkManager 1.12.0 NETWORKMANAGER.CONF(5)