Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1384799

Summary: [RFE] Cannot modify a connection that has an associated 'rule-' or 'rule6-' file
Product: Red Hat Enterprise Linux 7 Reporter: Zeng Yiquan <yzeng>
Component: NetworkManagerAssignee: Thomas Haller <thaller>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: aloughla, atragler, bgalvani, lrintel, mailinglists35, mleitner, pasik, ptalbert, rkhan, sukulkar, thaller, vbenes
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 13:19:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1337826, 1373698    
Bug Blocks: 1420851, 1470965    

Description Zeng Yiquan 2016-10-14 08:02:11 UTC 
Description of problem:

when there are rule-* file under the /etc/sysconfig/network-scripts/.
Use the nmcli command to modify the connection will show the error as below.

# nmcli connection modify enp6s0f1 ipv6.method ignore
Error: Failed to modify connection 'enp6s0f1': Cannot modify a connection that has an associated 'rule-' or 'rule6-' file

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1.add a rule-* file on under /etc/sysconfig/network-scripts/
# echo -e "iif enp6s0f0 table 1 \nfrom 10.1.23.37 table 1" > /etc/sysconfig/network-scripts/rule-enp6s0f
2.# nmcli connection modify enp6s0f1 ipv6.method ignore

Actual results:

Error: Failed to modify connection 'enp6s0f1': Cannot modify a connection that has an associated 'rule-' or 'rule6-' file

Expected results:

no error message.

Additional info:
when cu config the PBR refer below KCS:
https://access.redhat.com/solutions/288823
Comment 2 Thomas Haller 2016-10-14 08:20:36 UTC 
yes, that is an known limitation, because NetworkManager does not support the complexity of initscripts rule files.

It's not a bug, it a missing feature in that NM refuses to edit such connections. The workaround is to manually edit the ifcfg file (and/or remove the rule files).
Comment 10 Thomas Haller 2017-10-23 07:54:57 UTC 
please review th/ifcfg-rule-write-rh1384799
Comment 11 Beniamino Galvani 2017-10-25 11:44:24 UTC 
(In reply to Thomas Haller from comment #10)
> please review th/ifcfg-rule-write-rh1384799

LGTM
Comment 12 Thomas Haller 2017-10-25 12:12:38 UTC 
merged to upstream master:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=fda635f5e971d7713cf0d38257c3687fd080b432


Now, you can modify ifcfg-rh connections, even if there are rule files (complex routes).
Note that you still cannot configure any manual routes on such a connection. Writer will reject that with an error.
Comment 15 Vladimir Benes 2018-01-11 23:26:14 UTC 
automated, tested, working well
Comment 18 errata-xmlrpc 2018-04-10 13:19:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0778
Comment 19 Mai Ling 2018-06-09 03:22:58 UTC 
I am still seeing this on latest N-M package (version: NetworkManager-1.10.2-14.el7_5.x86_64)

I can create the connection without the rule file, I can modify the ipv4.route-table value, I add the rule file, I reload, I down and up the connection, then everything is fine (I see rules up by N-M dispatcher, I see routes in tables by N-M).

If I add the rule- file before attempting to adjust the route-table balue, it works. Only when I attempt to set a value for ipv4.route-table, it bails with OP error message.

After reboot, I see the rules, but the routes are placed in main table, and nmcli con show conn-name shows route-table reset to zero: "ipv4.route-table:                       0 (unspec)"

So to summarize:
1. create & edit new connection (connection.id, connection.interface-name, ipv4.method:                            manual
ipv4.addresses:                         10.1.40.250/24
ipv4.gateway:                           10.1.40.254
ipv4.route-table:                       100)
2. down the connection
3. enable the rule- file (iif p4p1 table 100 and from 10.1.40.250 table 100)
4. up the connection
=> all ok

After reboot => rules present, table 100 is empty, ipv4.route-table becomes 0 (default), OP message logged.
Comment 20 Mai Ling 2018-06-09 03:25:51 UTC 
Moreover, https://access.redhat.com/solutions/288823 (updated 22 may 2018) makes no mention of route-table but instead advises the old rule- plus route- files.
Comment 21 Mai Ling 2018-06-09 04:06:09 UTC 
this is what works at the moment:
- boot without rule files (but with route-table enabled for each device that I need)
- create rules (cat  template-dev1 > rule-dev1)
- nmcli conn down/ nmcli conn up dev1