Network - Linux
Firewall
nftables
IP forward
Get IP forward setting
sysctl net.ipv4.ip_forward
Set IP forward setting (0 = Disable, 1 = Enable)
sysctl -w net.ipv4.ip_forward={0|1}
Set IP forward on boot
net.ipv4.ip_forward = {0|1}
Ping
Display timeout
ping -O <IP address>
Display time
ping <IP address> | while read -r log; do
  echo "$(date): $log"
done
IP
Ref: ip help
Option | Description |
---|---|
-4 | IPv4 |
-6 | IPv6 |
-c | Color output |
ip [<option>] { link | address | route | neigh | tunnel | tuntap | maddress | mroute | monitor | l2tp | ... } { <command> | help }
Interface
Ref: ip link help
ip l [show [<dev>] [up]]
Interface up / down
ip l set [dev] <device> { up | down }
# Deprecated
ifconfig <interface> { up | down }
IP address
Ref: ip address help
ip a [show [<device>] [up]]
# Deprecated
ifconfig
Add IP address
ip a add <IP address>/<prefix length> dev <device>
# Deprecated
ifconfig <interface> add <IP address>/<prefix length>
Delete IP address
ip a del <IP address>/<prefix length> dev <device>
# Deprecated
ifconfig <interface> del <IP address>/<prefix length>
Flush (Delete all) IP address
ip a flush [dev <device>] [up]
ARP / Neighbor
Ref: ip neighbor help
ip n [show]
# Deprecated
arp
Clear ARP / NDP / Neighbor
ip n flush { all | dev <device> }
Route
Ref: ip route help
Option | Description |
---|---|
Neither match nor root | Exact <IP address>[/<prefix length>] |
match | Prefix not longer than <prefix length> |
root | Prefix not shorter than <prefix length> |
ip r [list] [match|root] [<IP address>[/<prefix length>]]
# Deprecated
route [-n]
# Deprecated
netstat -[n]r
Get route to destination address
ip r get <IP address>
Add route
# default = 0/0 or ::/0
ip r add { default | <IP address>/<prefix length> } [via <next hop IP address>] [dev <device>] [metric <metric>]
# Deprecated
route add -net <IP address>/<prefix length> gw <next hop IP address> [dev <device>] [metric <metric>]
Set / Replace default gateway
ip r r[eplace] default via <gateway IP address> [dev <device>]
ip r r default via 10.0.0.1
Delete route
# default = 0/0 or ::/0
ip r delete { default | <IP address>/<prefix length> } [via <next hop IP address>] [dev <device>]
# Deprecated
route del default
route del -net <IP address>/<prefix length> [gw <next hop IP address>] [dev <device>] [metric <metric>]
Socket statistics
ss [<option> ...] [state <state>] [<expression>]
Option | Description |
---|---|
-n | Numeric |
-a | All listening and non-listening sockets |
-l | Listening sockets |
-p | Process |
-4 | IPv4 |
-6 | IPv6 |
-t | TCP |
-u | UDP |
state <state> | State: { all | connected | synchronized } , TCP State: { established | syn-sent | syn-recv | fin-wait-1 | fin-wait-2 | time-wait | closed | close-wait | last-ack | listen | closing } |
<expression> |
# Deprecated
netstat [<option>]
Option | Description |
---|---|
-n | Numeric |
-a | All listening and non-listening sockets |
-l | Listening sockets |
-p | Program |
-4 | IPv4 |
-6 | IPv6 |
-t | TCP |
-u | UDP |
cat /proc/net/udp
cat /proc/net/tcp
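/proc/net/tcp prints addresses, ports and states as hex. The following added example (not part of the original page) decodes it into the notation ss uses, so listening and connected sockets can be reviewed on hosts where ss is not installed. It assumes IPv4 and a little-endian host; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode /proc/net/tcp (IPv4) into the notation ss prints.

# Constructed rows in /proc/net/tcp layout, not captured from a real host.
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 23456
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18001
   2: 0A00000A:0016 0200000A:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 31007'

# "0100007F:0CEA" -> "127.0.0.1:3306". The four address bytes appear reversed
# on little-endian hosts (assumed here); the port is plain big-endian hex.
decode_addr() {
    hex=${1%%:*}; port=${1##*:}
    b0=${hex%??????}; r=${hex#??}
    b1=${r%????};     r=${r#??}
    b2=${r%??};       b3=${r#??}
    echo "$((0x$b3)).$((0x$b2)).$((0x$b1)).$((0x$b0)):$((0x$port))"
}

# Map the "st" column to the TCP state names that ss uses.
tcp_state() {
    case $1 in
        01) echo established ;; 02) echo syn-sent ;;   03) echo syn-recv ;;
        04) echo fin-wait-1 ;;  05) echo fin-wait-2 ;; 06) echo time-wait ;;
        07) echo closed ;;      08) echo close-wait ;; 09) echo last-ack ;;
        0A) echo listen ;;      0B) echo closing ;;    *)  echo "unknown($1)" ;;
    esac
}

# Read /proc/net/tcp-formatted text on stdin; print "state local remote uid=N".
decode_table() {
    while read -r sl loc rem st txrx timer retr uid rest; do
        case $sl in *:) ;; *) continue ;; esac    # skip the header line
        echo "$(tcp_state "$st") $(decode_addr "$loc") $(decode_addr "$rem") uid=$uid"
    done
}

# Local endpoints in LISTEN state, comparable to `ss -ltn`.
listeners() { decode_table | awk '$1 == "listen" { print $2 }'; }

# Demo on the constructed sample; on a live host use: listeners < /proc/net/tcp
printf '%s\n' "$SAMPLE" | decode_table
```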
lsof [-n] -i [4|6][TCP|UDP][@<host>][:<port>]
Option | Description |
---|---|
-n | Numeric |
[4|6] | IPv4 / IPv6 |
<host> | Host / IPv4 / [<IPv6>] |
<port> | Port / <port>-<port> |
-p [^]<PID> | Process ID, ^ : Exclude |
Traffic control
Ref: Use Linux Traffic Control as impairment node in a test environment
Ref: tc-tbf manual
Ref: man tc-netem
Show qdisc (queueing discipline)
tc qdisc show dev <dev>
Remove qdisc (queueing discipline)
tc qdisc del dev <dev> root
netem (Network Emulator)
Latency
tc qdisc add dev <dev> root netem \
delay <min latency>ms [<max latency>ms]
Loss / Corrupt / Duplicate
tc qdisc add dev <dev> root netem \
{ loss | corrupt | duplicate } <chance>%
TBF (Token Bucket Filter)
Limit traffic rate / speed / bandwidth
# min burst = rate / HZ(1000)
# limit = queue size
# latency = max amount of time in queue
tc qdisc add dev <dev> root tbf \
rate <rate>{k|m}bit \
burst <burst>{k|m}bit \
{ limit <limit>{k|m}bit | latency <latency>ms }
Network manager
< Ubuntu 18
apt show ifupdown
# Config
/etc/network/interfaces
Ubuntu 18, 20
apt show netplan.io
# Config
/etc/netplan/
netplan uses systemd-networkd by default
RHEL
yum info NetworkManager
nmcli
nmtui
# Config
/etc/sysconfig/network-scripts/
RHEL restart network
nmcli networking off; nmcli networking on