Description of problem:
When there are rule-* files under /etc/sysconfig/network-scripts/, using the nmcli command to modify the connection shows the error below.

# nmcli connection modify enp6s0f1 ipv6.method ignore
Error: Failed to modify connection 'enp6s0f1': Cannot modify a connection that has an associated 'rule-' or 'rule6-' file

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add a rule-* file under /etc/sysconfig/network-scripts/
# echo -e "iif enp6s0f0 table 1 \nfrom 10.1.23.37 table 1" > /etc/sysconfig/network-scripts/rule-enp6s0f
2. # nmcli connection modify enp6s0f1 ipv6.method ignore

Actual results:
Error: Failed to modify connection 'enp6s0f1': Cannot modify a connection that has an associated 'rule-' or 'rule6-' file

Expected results:
No error message.

Additional info:
When the cu configures PBR, refer to the KCS below:
https://access.redhat.com/solutions/288823
Yes, that is a known limitation, because NetworkManager does not support the complexity of initscripts rule files. It's not a bug, it's a missing feature in that NM refuses to edit such connections. The workaround is to manually edit the ifcfg file (and/or remove the rule files).
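A pre-change check for the condition described above, as an added example that is not part of this bug report or of NetworkManager: it lists the ifcfg profiles that have a rule-/rule6- file next to them, and rule files that match no profile. It assumes a rule file is matched to a profile by name suffix (ifcfg-NAME with rule-NAME); the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not NetworkManager code). Assumption: a rule file belongs to
# the profile with the same suffix, i.e. ifcfg-NAME <-> rule-NAME / rule6-NAME.

# profiles_with_rules DIR: print "NAME<TAB>file[,file]" for every ifcfg
# profile in DIR that has an associated rule-/rule6- file.
profiles_with_rules() {
    dir=${1:-/etc/sysconfig/network-scripts}
    for cfg in "$dir"/ifcfg-*; do
        [ -f "$cfg" ] || continue            # also skips an unmatched glob
        name=${cfg##*/ifcfg-}
        hits=
        for prefix in rule rule6; do
            if [ -e "$dir/$prefix-$name" ]; then
                hits=${hits:+$hits,}$prefix-$name
            fi
        done
        if [ -n "$hits" ]; then printf '%s\t%s\n' "$name" "$hits"; fi
    done
    return 0
}

# orphan_rules DIR: print rule files whose suffix matches no ifcfg profile
# (for example after a typo in the file name).
orphan_rules() {
    dir=${1:-/etc/sysconfig/network-scripts}
    for rf in "$dir"/rule-* "$dir"/rule6-*; do
        [ -f "$rf" ] || continue
        base=${rf##*/}
        name=${base#rule6-}
        name=${name#rule-}
        [ -f "$dir/ifcfg-$name" ] || printf '%s\n' "$base"
    done
    return 0
}

# Constructed sample directory so the example runs without touching /etc.
demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/ifcfg-eth0"; : > "$d/ifcfg-eth1"; : > "$d/ifcfg-eth2"
    printf 'from 192.0.2.10 table 1\n' > "$d/rule-eth1"
    : > "$d/rule-eth2"; : > "$d/rule6-eth2"
    : > "$d/rule-eth9"                       # no ifcfg-eth9 exists
    printf '%s\n' "$d"
}

d=$(demo_dir)
profiles_with_rules "$d"
orphan_rules "$d"
rm -rf "$d"
```

Called without an argument, both functions read /etc/sysconfig/network-scripts.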
please review th/ifcfg-rule-write-rh1384799
(In reply to Thomas Haller from comment #10)
> please review th/ifcfg-rule-write-rh1384799

LGTM
merged to upstream master: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=fda635f5e971d7713cf0d38257c3687fd080b432 Now, you can modify ifcfg-rh connections, even if there are rule files (complex routes). Note that you still cannot configure any manual routes on such a connection. Writer will reject that with an error.
automated, tested, working well
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0778
I am still seeing this on the latest N-M package (version: NetworkManager-1.10.2-14.el7_5.x86_64).

I can create the connection without the rule file, I can modify the ipv4.route-table value, I add the rule file, I reload, I down and up the connection, then everything is fine (I see rules up by N-M dispatcher, I see routes in tables by N-M).

If I add the rule- file before attempting to adjust the route-table value, it works. Only when I attempt to set a value for ipv4.route-table, it bails with OP error message.

After reboot, I see the rules, but the routes are placed in main table, and nmcli con show conn-name shows route-table reset to zero: "ipv4.route-table: 0 (unspec)"

So to summarize:
1. create & edit new connection (connection.id, connection.interface-name, ipv4.method: manual, ipv4.addresses: 10.1.40.250/24, ipv4.gateway: 10.1.40.254, ipv4.route-table: 100)
2. down the connection
3. enable the rule- file (iif p4p1 table 100 and from 10.1.40.250 table 100)
4. up the connection => all ok

After reboot => rules present, table 100 is empty, ipv4.route-table becomes 0 (default), OP message logged.
Moreover, https://access.redhat.com/solutions/288823 (updated 22 May 2018) makes no mention of route-table but instead advises the old rule- plus route- files.
this is what works at the moment:
- boot without rule files (but with route-table enabled for each device that I need)
- create rules (cat template-dev1 > rule-dev1)
- nmcli conn down / nmcli conn up dev1