-<?xml version='1.0'?> <!--*-nxml-*-->
+<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<filename>/run</filename> take precedence over files with the same
name in <filename>/usr/lib</filename>. This can be used to
override a system-supplied configuration file with a local file if
- needed; a symlink in <filename>/etc</filename> with the same name
- as a configuration file in <filename>/usr/lib</filename>, pointing
- to <filename>/dev/null</filename>, disables the configuration file
- entirely.</para>
-
+ needed. As a special case, an empty file (file size 0) or symlink
+ with the same name pointing to <filename>/dev/null</filename>
+ disables the configuration file entirely (it is "masked").</para>
</refsect1>
<refsect1>
<varlistentry>
<term><varname>DHCP=</varname></term>
<listitem>
- <para>Enables DHCPv4 and/or DHCPv6 support. Accepts
+ <para>Enables DHCPv4 and/or DHCPv6 client support. Accepts
<literal>yes</literal>, <literal>no</literal>,
<literal>ipv4</literal>, or <literal>ipv6</literal>.</para>
- <para>Please note that by default the domain name
+ <para>Note that DHCPv6 will by default be triggered by Router
+ Advertisment, if that is enabled, regardless of this parameter.
+ By enabling DHCPv6 support explicitly, the DHCPv6 client will
+ be started regardless of the presence of routers on the link,
+ or what flags the routers pass. See
+ <literal>IPv6AcceptRouterAdvertisements=</literal>.</para>
+
+ <para>Furthermore, note that by default the domain name
specified through DHCP is not used for name resolution.
See option <option>UseDomains=</option> below.</para>
</listitem>
<varlistentry>
<term><varname>DHCPServer=</varname></term>
<listitem>
- <para>A boolean. Enables a basic DHCPv4 server on the
- device. Mostly useful for handing out leases to container
- instances.</para>
+ <para>A boolean. Enables DHCPv4 server support. Defaults
+ to <literal>no</literal>. Further settings for the DHCP
+ server may be set in the <literal>[DHCPServer]</literal>
+ section described below.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>IPv6Token=</varname></term>
<listitem>
<para>An IPv6 address with the top 64 bits unset. When set, indicates the
- 64 bits interface part of SLAAC IPv6 addresses for this link. By default
+ 64-bit interface part of SLAAC IPv6 addresses for this link. By default,
it is autogenerated.</para>
</listitem>
</varlistentry>
<term><varname>LLMNR=</varname></term>
<listitem>
<para>A boolean or <literal>resolve</literal>. When true, enables
- Link-Local Multicast Name Resolution on the link, when set to
- <literal>resolve</literal> only resolution is enabled, but not
+ Link-Local Multicast Name Resolution on the link. When set to
+ <literal>resolve</literal>, only resolution is enabled, but not
announcement. Defaults to true.</para>
</listitem>
</varlistentry>
<term><varname>BindCarrier=</varname></term>
<listitem>
<para>A port or a list of ports. When set, controls the
- behaviour of the current interface. When all ports in the list
+ behavior of the current interface. When all ports in the list
are in an operational down state, the current interface is brought
down. When at least one port has carrier, the current interface
is brought up.
</varlistentry>
<varlistentry>
<term><varname>IPForward=</varname></term>
- <listitem><para>Configures IP forwarding for the network
- interface. If enabled incoming packets on the network
- interface will be forwarded to other interfaces according to
- the routing table. Takes either a boolean argument, or the
- values <literal>ipv4</literal> or <literal>ipv6</literal>,
- which only enables IP forwarding for the specified address
- family, or <literal>kernel</literal>, which preserves existing sysctl settings.
- This controls the
- <filename>net.ipv4.conf.<interface>.forwarding</filename>
- and
- <filename>net.ipv6.conf.<interface>.forwarding</filename>
- sysctl options of the network interface (see <ulink
+ <listitem><para>Configures IP packet forwarding for the
+ system. If enabled, incoming packets on any network
+ interface will be forwarded to any other interfaces
+ according to the routing table. Takes either a boolean
+ argument, or the values <literal>ipv4</literal> or
+ <literal>ipv6</literal>, which only enable IP packet
+ forwarding for the specified address family. This controls
+ the <filename>net.ipv4.ip_forward</filename> and
+ <filename>net.ipv6.conf.all.forwarding</filename> sysctl
+ options of the network interface (see <ulink
url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink>
for details about sysctl options). Defaults to
<literal>no</literal>.</para>
- <para>Note: unless this option is turned on, or set to <literal>kernel</literal>,
- no IP forwarding is done on this interface, even if this is
- globally turned on in the kernel, with the
- <filename>net.ipv4.ip_forward</filename>,
- <filename>net.ipv4.conf.all.forwarding</filename>, and
- <filename>net.ipv6.conf.all.forwarding</filename> sysctl
- options.</para>
+ <para>Note: this setting controls a global kernel option,
+ and does so one way only: if a network that has this setting
+ enabled is set up the global setting is turned on. However,
+ it is never turned off again, even after all networks with
+ this setting enabled are shut down again.</para>
+
+ <para>To allow IP packet forwarding only between specific
+ network interfaces use a firewall.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>IPMasquerade=</varname></term>
<listitem><para>Configures IP masquerading for the network
- interface. If enabled packets forwarded from the network
+ interface. If enabled, packets forwarded from the network
interface will be appear as coming from the local host.
Takes a boolean argument. Implies
<varname>IPForward=ipv4</varname>. Defaults to
Privacy Extensions for Stateless Address Autoconfiguration
in IPv6). Takes a boolean or the special values
<literal>prefer-public</literal> and
- <literal>kernel</literal>. When true enables the privacy
+ <literal>kernel</literal>. When true, enables the privacy
extensions and prefers temporary addresses over public
- addresses. When <literal>prefer-public</literal> enables the
+ addresses. When <literal>prefer-public</literal>, enables the
privacy extensions, but prefers public addresses over
temporary addresses. When false, the privacy extensions
- remain disabled. When <literal>kernel</literal> the kernel's
+ remain disabled. When <literal>kernel</literal>, the kernel's
default setting will be left in place. Defaults to
<literal>no</literal>.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>IPv6AcceptRouterAdvertisements=</varname></term>
+ <listitem><para>Force the setting of the <filename>accept_ra</filename>
+ (router advertisements) setting for the interface.
+ When unset, the kernel default is used, and router
+ advertisements are accepted only when local forwarding
+ is disabled for that interface.
+ When router advertisements are accepted, they will
+ trigger the start of the DHCPv6 client if the relevant
+ flags are passed, or if no routers are found on the link.
+ Takes a boolean. If true, router advertisements are
+ accepted, when false, router advertisements are ignored,
+ independently of the local forwarding state.</para>
+
+ <para>See
+ <ulink url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink>
+ in the kernel documentation, but note that systemd's
+ setting of <constant>1</constant> corresponds to
+ kernel's setting of <constant>2</constant>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>IPv6DuplicateAddressDetection=</varname></term>
+ <listitem><para>Configures the amount of IPv6 Duplicate
+ Address Detection (DAD) probes to send. Defaults to unset.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>IPv6HopLimit=</varname></term>
+ <listitem><para>Configures IPv6 Hop Limit. For each router that
+ forwards the packet, the hop limit is decremented by 1. When the
+ hop limit field reaches zero, the packet is discarded.
+ Defaults to unset.
+ </para></listitem>
+ </varlistentry>
<varlistentry>
<term><varname>Bridge=</varname></term>
<listitem>
<term><varname>Destination=</varname></term>
<listitem>
<para>The destination prefix of the route. Possibly
- followed by a slash and the prefixlength. If omitted, a
+ followed by a slash and the prefix length. If omitted, a
full-length host route is assumed.</para>
</listitem>
</varlistentry>
<term><varname>Source=</varname></term>
<listitem>
<para>The source prefix of the route. Possibly followed by
- a slash and the prefixlength. If omitted, a full-length
+ a slash and the prefix length. If omitted, a full-length
host route is assumed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Metric=</varname></term>
<listitem>
- <para>The metric of the route. An unsigned integer</para>
+ <para>The metric of the route (an unsigned integer).</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Scope=</varname></term>
<listitem>
- <para>The scope of the route. One of the values <literal>global</literal>,
+ <para>The scope of the route, which can be <literal>global</literal>,
<literal>link</literal> or <literal>host</literal>. Defaults to
<literal>global</literal>.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>PreferredSource=</varname></term>
+ <listitem>
+ <para>The preferred source address of the route. The address
+ must be in the format described in
+ <citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>[DHCP] Section Options</title>
- <para>The <literal>[DHCP]</literal> section accepts the following keys:</para>
+ <para>The <literal>[DHCP]</literal> section configures the
+ DHCPv4 and DHCP6 client, if it is enabled with the
+ <varname>DHCP=</varname> setting described above:</para>
<variablelist class='network-directives'>
<varlistentry>
any statically configured ones.</para>
<para>This corresponds to the <option>nameserver</option>
- option in <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+ option in <citerefentry
+ project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>SendHostname=</varname></term>
<listitem>
- <para>When true (the default), the machine's hostname will be sent to the DHCP
- server</para>
+ <para>When true (the default), the machine's hostname will
+ be sent to the DHCP server.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>UseHostname=</varname></term>
<listitem>
<para>When true (the default), the hostname received from
- the DHCP server will be used as the transient
- hostname.</para>
+ the DHCP server will be set as the transient hostname of the system
+ </para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Hostname=</varname></term>
<listitem>
- <para>Hostname is a option to override the machine's hostname that will be sent to the DHCP server</para>
+ <para>Use this value for the hostname which is sent to the
+ DHCP server, instead of machine's hostname.</para>
</listitem>
</varlistentry>
<varlistentry>
<listitem>
<para>When true (the default), the static routes will be
requested from the DHCP server and added to the routing
- table with metric of 1024.</para>
+ table with a metric of 1024.</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>UseTimezone=</varname></term>
+
+ <listitem><para>When true, the timezone received from the
+ DHCP server will be set as as timezone of the local
+ system. Defaults to <literal>no</literal>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>CriticalConnection=</varname></term>
<listitem>
DHCP server.</para>
</listitem>
</varlistentry>
- </variablelist>
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>[DHCPServer] Section Options</title>
+ <para>The <literal>[DHCPServer]</literal> section contains
+ settings for the DHCP server, if enabled via the
+ <varname>DHCPServer=</varname> option described above:</para>
+ <variablelist class='network-directives'>
+
+ <varlistentry>
+ <term><varname>PoolOffset=</varname></term>
+ <term><varname>PoolSize=</varname></term>
+
+ <listitem><para>Configures the pool of addresses to hand out. The pool
+ is a contiguous sequence of IP addresses in the subnet configured for
+ the server address, which does not include the subnet nor the broadcast
+ address. <varname>PoolOffset=</varname> takes the offset of the pool
+ from the start of subnet, or zero to use the default value.
+ <varname>PoolSize=</varname> takes the number of IP addresses in the
+ pool or zero to use the default value. By default, the pool starts at
+ the first address after the subnet address and takes up the rest of
+ the subnet, excluding the broadcast address. If the pool includes
+ the server address (the default), this is reserved and not handed
+ out to clients.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>DefaultLeaseTimeSec=</varname></term>
+ <term><varname>MaxLeaseTimeSec=</varname></term>
+
+ <listitem><para>Control the default and maximum DHCP lease
+ time to pass to clients. These settings take time values in seconds or
+ another common time unit, depending on the suffix. The default
+ lease time is used for clients that did not ask for a specific
+ lease time. If a client asks for a lease time longer than the
+ maximum lease time, it is automatically shortened to the
+ specified time. The default lease time defaults to 1h, the
+ maximum lease time to 12h. Shorter lease times are beneficial
+ if the configuration data in DHCP leases changes frequently
+ and clients shall learn the new settings with shorter
+ latencies. Longer lease times reduce the generated DHCP
+ network traffic.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>EmitDNS=</varname></term>
+ <term><varname>DNS=</varname></term>
+
+ <listitem><para>Configures whether the DHCP leases handed out
+ to clients shall contain DNS server information. The
+ <varname>EmitDNS=</varname> setting takes a boolean argument
+ and defaults to <literal>yes</literal>. The DNS servers to
+ pass to clients may be configured with the
+ <varname>DNS=</varname> option, which takes a list of IPv4
+ addresses. If the <varname>EmitDNS=</varname> option is
+ enabled but no servers configured, the servers are
+ automatically propagated from an "uplink" interface that has
+ appropriate servers set. The "uplink" interface is determined
+ by the default route of the system with the highest
+ priority. Note that this information is acquired at the time
+ the lease is handed out, and does not take uplink interfaces
+ into account that acquire DNS or NTP server information at a
+ later point. DNS server propagation does not take
+ <filename>/etc/resolv.conf</filename> into account. Also, note
+ that the leases are not refreshed if the uplink network
+ configuration changes. To ensure clients regularly acquire the
+ most current uplink DNS server information, it is thus
+ advisable to shorten the DHCP lease time via
+ <varname>MaxLeaseTimeSec=</varname> described
+ above.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>EmitNTP=</varname></term>
+ <term><varname>NTP=</varname></term>
+
+ <listitem><para>Similar to the <varname>EmitDNS=</varname> and
+ <varname>DNS=</varname> settings described above, these
+ settings configure whether and what NTP server information
+ shall be emitted as part of the DHCP lease. The same syntax,
+ propagation semantics and defaults apply as for
+ <varname>EmitDNS=</varname> and
+ <varname>DNS=</varname>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>EmitTimezone=</varname></term>
+ <term><varname>Timezone=</varname></term>
+
+ <listitem><para>Configures whether the DHCP leases handed out
+ to clients shall contain timezone information. The
+ <varname>EmitTimezone=</varname> setting takes a boolean
+ argument and defaults to <literal>yes</literal>. The
+ <varname>Timezone=</varname> setting takes a timezone string
+ (such as <literal>Europe/Berlin</literal> or
+ <literal>UTC</literal>) to pass to clients. If no explicit
+ timezone is set, the system timezone of the local host is
+ propagated, as determined by the
+ <filename>/etc/localtime</filename> symlink.</para></listitem>
+ </varlistentry>
+
+ </variablelist>
</refsect1>
<refsect1>
<varlistentry>
<term><varname>UnicastFlood=</varname></term>
<listitem>
- <para>A boolean. UnicastFlood configures whether a given port will flood
- unicast traffic for which there is no FDB entry. By default this
- flag is off.</para>
+ <para>A boolean. Controls whether the bridge should flood
+ traffic for which an FDB entry is missing and the destination
+ is unknown through this port. Defaults to on.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>HairPin=</varname></term>
<listitem>
- <para> A boolean. Configures whether traffic may be send back
- out of the port on which it was received. By default, this
- flag is false. and the bridge will not forward traffic back
- out of the receiving port. By default the flag is off.</para>
+ <para>A boolean. Configures whether traffic may be sent back
+ out of the port on which it was received. By default, this
+ flag is false, and the bridge will not forward traffic back
+ out of the receiving port.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>BPDUGuard=</varname></term>
+ <term><varname>UseBPDU=</varname></term>
<listitem>
- <para> A boolean. Configures whether STP Bridge Protocol Data Units will be
- processed by the bridge port. By default, the flag is false allowing BPDU
- processing. Turning this flag on will cause the port to stop processing
- STP Bridge Protocol Data Units. By default the flag is off.</para>
+ <para>A boolean. Configures whether STP Bridge Protocol Data Units will be
+ processed by the bridge port. Defaults to yes.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>FastLeave=</varname></term>
<listitem>
- <para> A boolean. This flag allows the bridge to immediately stop multicast
- traffic on a port that receives IGMP Leave message. It is only used with
- IGMP snooping if enabled on the bridge. By default the flag is off.</para>
+ <para>A boolean. This flag allows the bridge to immediately stop multicast
+ traffic on a port that receives an IGMP Leave message. It is only used with
+ IGMP snooping if enabled on the bridge. Defaults to off.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>RootBlock=</varname></term>
+ <term><varname>AllowPortToBeRoot=</varname></term>
<listitem>
- <para> A boolean. Configures whether a given port is allowed to
- become root port or not. Only used when STP is enabled on the bridge.
- By default the flag is off.</para>
+ <para>A boolean. Configures whether a given port is allowed to
+ become a root port. Only used when STP is enabled on the bridge.
+ Defaults to on.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Cost=</varname></term>
<listitem>
- <para>Each port in a bridge may have different speed. Cost
+ <para>Sets the "cost" of sending packets of this interface.
+ Each port in a bridge may have a different speed and the cost
is used to decide which link to use. Faster interfaces
- should have lower costs</para>
+ should have lower costs.</para>
</listitem>
</varlistentry>
</variablelist>
<varlistentry>
<term><varname>VLANId=</varname></term>
<listitem>
- <para>The VLAN Id for the new static MAC table entry. If
- omitted, no VLAN Id info is appended to the new static MAC
+ <para>The VLAN ID for the new static MAC table entry. If
+ omitted, no VLAN ID info is appended to the new static MAC
table entry.</para>
</listitem>
</varlistentry>
</example>
<example>
- <title>/etc/systemd/network/bridge-static.network</title>
+ <title>/etc/systemd/network/25-bridge-static.network</title>
<programlisting>[Match]
Name=bridge0
</example>
<example>
- <title>/etc/systemd/network/bridge-slave-interface.network</title>
+ <title>/etc/systemd/network/25-bridge-slave-interface.network</title>
<programlisting>[Match]
Name=enp2s0
Bridge=bridge0</programlisting>
</example>
<example>
- <title>/etc/systemd/network/ipip.network</title>
+ <title>/etc/systemd/network/25-ipip.network</title>
<programlisting>[Match]
Name=em1
</example>
<example>
- <title>/etc/systemd/network/sit.network</title>
+ <title>/etc/systemd/network/25-sit.network</title>
<programlisting>[Match]
Name=em1
</example>
<example>
- <title>/etc/systemd/network/gre.network</title>
+ <title>/etc/systemd/network/25-gre.network</title>
<programlisting>[Match]
Name=em1
</example>
<example>
- <title>/etc/systemd/network/vti.network</title>
+ <title>/etc/systemd/network/25-vti.network</title>
<programlisting>[Match]
Name=em1
[Network]
Tunnel=vti-tun</programlisting>
</example>
+
+ <example>
+ <title>/etc/systemd/network/25-bond.network</title>
+
+ <programlisting>[Match]
+Name=bond1
+
+[Network]
+DHCP=yes
+</programlisting>
+ </example>
+
</refsect1>
<refsect1>
projects / thirdparty / systemd.git / blobdiff