Permanent Static Routing
(2021-06-15)
Problem
How do we set a static route entry to take effect at boot time without custom script fuckery like rc.local?
Solution
For routes with an actual destination, you add them using Network Manager's nmcli :
# nmcli con mod eth0 ipv4.routes "10.0.0.0/8 192.168.1.1"
# nmcli con mod eth0 +ipv4.routes "172.16.0.0/12 192.168.1.2"
If you are looking to add routes without a real destination ie a blackhole route, you have to use custom script fuckery in /etc/NetworkManager/dispatcher.d/pre-up.d , for example an executable file named 50-blackholes :
#!/bin/bash
ip route add blackhole 10.0.0.0/8
ip route add blackhole 172.16.0.0/12
ip route add blackhole 192.168.0.0/16
Commentary
Yeah yeah this could also be done with firewalld, but who really wants to open that can of worms? My sketch is that this is a box that could be anywhere in the network but might have snmp targets configured from previous locations which would cause a bunch of wasted network traffic. The local, and default, rules are directly present so for the internet and local-net traffic a blanket blackhole covers the rest until someone can get in and reconfigure the monitors.
According to the Fedora documentation since at least Fedora 28, we don't do routing in Fedora. It isn't in the system admin guide at all.
If you dig around you'll eventually notice the ipv4.routes parameter in nmcli profiles, and googling that will get you a RHEL page describing how it works.
Blackhole routing seems to only be described here, in a CentOS bug report.