
I am on RHEL7 with NetworkManager disabled and no additional legacy scripts installed. Meaning, that I still use:

/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/route-eth0
/etc/sysconfig/network-scripts/rule-eth0

I have a problem with the rule-eth0 file. It loads nicely, and whenever I modify it and run $ systemctl restart networking, the new routing rules get picked up and are visible with $ ip rule. They also get picked up if I use ifup-routes.

However, if I modify the rule-eth0 file, the old rules that were there before don't get removed. New ones get added, though. I've tried running the scripts in the network-scripts directory, but the old rules stay there unless I manually delete them one after another.

I resorted to using:

$ ip rule flush

which deleted all the rules, including the ones for the main and default tables, meaning any SSH connection would be lost.

MY CONFUSION

If I delete all rule files and reboot the machine, I get my default routes back. By running $ ip rule I see:

0:      from all lookup local
32766   from all lookup main
32767   from all lookup default

Question: How do I get the same behavior without a reboot?

How do I get these default rules back after running $ ip rule flush, without rebooting the machine or specifying the rules manually one after another?

KrNeki

1 Answer

These rules are the default rules set by the kernel without any userland assistance when it initializes the initial network stack (or a new network namespace).

Here's the relevant kernel source excerpt:

/* IPv4 FIB rules initialisation: installs the three default policy-routing
 * rules for a fresh network stack or network namespace. The arguments to
 * fib_default_rule_add are (ops, pref, table, flags). */
static int fib_default_rules_init(struct fib_rules_ops *ops)
{
    int err;

    /* pref 0: from all lookup local */
    err = fib_default_rule_add(ops, 0, RT_TABLE_LOCAL, 0);
    if (err < 0)
        return err;
    /* pref 0x7FFE (32766): from all lookup main */
    err = fib_default_rule_add(ops, 0x7FFE, RT_TABLE_MAIN, 0);
    if (err < 0)
        return err;
    /* pref 0x7FFF (32767): from all lookup default */
    err = fib_default_rule_add(ops, 0x7FFF, RT_TABLE_DEFAULT, 0);
    if (err < 0)
        return err;
    return 0;
}

0x7FFE = 32766
0x7FFF = 32767

etc.

To address the last question: have a script. There's even ip rule save/ip rule restore, with very limited usefulness. You shouldn't run ip rule flush without some selector to limit its scope to the intended subset of rules. E.g. ip rule flush lookup 1000 will delete any entry (even partially) matching lookup 1000.

A.B
  • I see. So the solution to persistent configuration is to manually define local, main and default rules in the rule file. Then with the script, I have to flush all the rules and re-add them from the rule file. Otherwise, how would I know what rules to flush (other people are playing with the machine, my job is to undo anything they do). – KrNeki Jan 25 '22 at 10:40
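As an added example (not code from the answer, the question, or RHEL's network-scripts), here is a script that does what A.B suggests and what the comment plans: it reads `ip rule show`, re-adds any of the three kernel defaults (pref 0/local, 32766/main, 32767/default) that is missing before touching anything else, deletes every other rule by its pref instead of running an unscoped `ip rule flush`, and then re-applies the persistent rule-eth0 file through ifup-routes. The interface name eth0, the `PREF:<tab>SPEC` line format of `ip rule show`, the `--apply` option and the embedded sample output are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: a lockout-safe replacement for an
# unscoped `ip rule flush`. Keeps or restores the three kernel default rules
# from fib_default_rules_init, removes every other rule, then re-applies the
# persistent rule-<iface> file. Assumed: `ip rule show` prints "PREF:<tab>SPEC"
# lines, the interface defaults to eth0, and the RHEL7 network-scripts path.

# Constructed sample of `ip rule show` output, not captured from a real host.
# It includes a duplicated pref, an IPv6 selector and a non-default rule that
# happens to use the main table, to show that only exact defaults are kept.
sample_ip_rule_output() {
    printf '0:\tfrom all lookup local\n'
    printf '100:\tfrom 10.1.2.0/24 lookup 1000\n'
    printf '100:\tfrom fd00::/8 lookup 1000\n'
    printf '500:\tfrom all lookup main\n'
    printf '32766:\tfrom all lookup main\n'
    printf '32767:\tfrom all lookup default\n'
}

# Read `ip rule show` output on stdin; print the pref of every rule that is
# not exactly one of the three kernel defaults, one line per rule. A pref
# shared by several rules is printed once per rule, so one `ip rule del
# pref N` per printed line removes them all.
nondefault_prefs() {
    awk '
        {
            pref = $1; sub(/:$/, "", pref)
            if (pref !~ /^[0-9]+$/) next
            rest = $0; sub(/^[[:space:]]*[0-9]+:[[:space:]]*/, "", rest)
            if ((pref == "0"     && rest == "from all lookup local") ||
                (pref == "32766" && rest == "from all lookup main") ||
                (pref == "32767" && rest == "from all lookup default")) next
            print pref
        }'
}

# Read `ip rule show` output on stdin; print "PREF TABLE" for each kernel
# default rule that is absent (the state left behind by `ip rule flush`).
missing_defaults() {
    awk '
        BEGIN { want["0"] = "local"; want["32766"] = "main"; want["32767"] = "default" }
        {
            pref = $1; sub(/:$/, "", pref)
            rest = $0; sub(/^[[:space:]]*[0-9]+:[[:space:]]*/, "", rest)
            if ((pref in want) && rest == "from all lookup " want[pref]) seen[pref] = 1
        }
        END { for (p in want) if (!(p in seen)) print p, want[p] }'
}

case "${1:-}" in
    --apply)
        iface=${2:-eth0}
        # 1. Put the defaults back first so the SSH session survives step 2.
        ip rule show | missing_defaults | while read -r pref table; do
            ip rule add pref "$pref" from all lookup "$table"
        done
        # 2. Remove everything that is not a kernel default, rule by rule.
        ip rule show | nondefault_prefs | while read -r pref; do
            ip rule del pref "$pref"
        done
        # 3. Re-apply rule-$iface (and route-$iface) from the persistent files;
        #    routes that already exist just report "RTNETLINK answers: File exists".
        /etc/sysconfig/network-scripts/ifup-routes "$iface"
        ;;
esac
```

Run the script without arguments to load the functions only; `sh rules-reset.sh --apply eth0` as root performs the reset. Because the deletion step is driven by the live rule list rather than by the rule file, rules added by hand by other users are removed as well, which is the case the comment above describes, and the local/main/default rules never have to be listed in rule-eth0.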