For When You Can't Have The Real Thing
[ start | index | login ]
start > Fedora > 34 > Permanent Static Routing

Permanent Static Routing

Created by dave. Last edited by dave, 94 days ago. Viewed 161 times. #2
[diff] [history] [edit] [rdf]
labels
attachments
(2021-06-15)

Problem

How do we set a static route entry to take effect at boot time without custom script fuckery like rc.local?

Solution

For routes with an actual destination, you add them using Network Manager's nmcli:

# nmcli con mod eth0 ipv4.routes "10.0.0.0/8 192.168.1.1"
# nmcli con mod eth0 +ipv4.routes "172.16.0.0/12 192.168.1.2"

If you are looking to add routes without a real destination ie a blackhole route, you have to use custom script fuckery in /etc/NetworkManager/dispatcher.d/pre-up.d, for example an executable file named 50-blackholes:

#!/bin/bash
ip route add blackhole 10.0.0.0/8
ip route add blackhole 172.16.0.0/12
ip route add blackhole 192.168.0.0/16

Commentary

Yeah yeah this could also be done with firewalld, but who really wants to open that can of worms? My sketch is that this is a box that could be anywhere in the network but might have snmp targets configured from previous locations which would cause a bunch of wasted network traffic. The local, and default, rules are directly present so for the internet and local-net traffic a blanket blackhole covers the rest until someone can get in and reconfigure the monitors.

According to the Fedora documentation since at least Fedora 28, we don't do routing in Fedora. It isn't in the system admin guide at all.

If you dig around you'll eventually notice the ipv4.routes parameter in nmcli profiles, and googling that will get you a RHEL page describing how it works.

Blackhole routing seems to only be described >>here, in a CentOS bug report.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt