Use of linux Network Configuration Tool

This article introduces RHEL8 network services and network configuration tools, as well as network firewall and rule management tools.

NetworkManager Network Management Tool

NetworkManager provides the network service of RHEL8. Every network device is associated with one NetworkManager device, and the configuration of network devices is stored in NetworkManager connection.

NetworkManager provides D-Bus API interfaces to configure the management network and GUI/TUI/CLI tools to configure the network.

Installing NetworkManager

$ yum install NetworkManager

Turn on NetworkManager

$ systemctl enable NetworkManager

Start NetworkManager

$ systemctl start NetworkManager

View NetworkManager status

$ systemctl status NetworkManager

Network configuration tool

RHEL8 provides three network configuration tools, which are

nmcli Command Line Interface nmtui Simple TUI Interface nm-connection-editor graphical interface

The network dispatcher feature supports running scripts based on network status, which are stored in directors/etc/NetworkManager/dispatcher. d/

The network configuration file is stored in the/etc/sysconfig/network-scripts/directory, and the default script is not provided by default. In RHEL8, ifup/ifdown is used to turn on and off the specified network. It will not take effect immediately after modifying the network configuration, and it is necessary to restart the network or reload

$ nmcli connection reload

List network devices

$ nmcli device

List network connections

$ nmcli connection

Show overall status

$ nmcli general status

Setting DNS

$ nmcli con mod conn-name ipv4.dns "8.8.8.8 8.8.4.4"
$ nmcli -p con show conn-name

Start the interactive interface

$ nmcli con edit

Firewall management module nftables

Media Access Control Security (MACsec) is a network transmission encryption authentication technology.
IPsec works at the network layer (2)
SSL works in the application layer (7)
MACsec works at the data link layer (2)

In RHEL8, nftables is used as the back end of firewall instead of the original iptables. nftables provides packet filtering and classification functions, integrates various tools, and makes many improvements, such as supporting IPv4/IPv6 at the same time, automatic processing rules, supporting debug and so on.

Similar to iptables, nftables uses tables to store network chains. The network chain (chains) contains rules for each behavior. The nft tool replaces all the components in the previous network packet filtering framework. The libnftnl library can be used to interact with nftables API over libnml at the lower network layer.

In RHEL8, nftables is the default backend of firewall. Although the nftables backend is backward compatible with the previous firewall configuration iptables backend, you can still switch the firewall backend to iptables. The FirewallBackend option in the configuration file/etc/firewalld/firewalld. conf needs to be configured to iptables.

The effect of the nftables rule module can be listed by the nft command. Because nftables rules set up to increase the table, chain and rule division, in the operation need to pay attention to the impact.