IfState Configuration Schema
global configuration settings
overrides per interface sysctl settings in /proc/sys/net/ipv*/conf/all/
settings in /proc/sys/net/ipv4/*/conf/
settings in /proc/sys/net/ipv6/*/conf/
default per interface sysctl settings in /proc/sys/net/ipv*/conf/default/
settings in /proc/sys/net/ipv4/*/conf/
settings in /proc/sys/net/ipv6/*/conf/
ignore patterns to skip interface, ip address or routing objects
list of ip address prefixes to be ignored
ip address with prefix length
"fe80::/10"
list of ip address prefixes to be ignored
ip address with prefix length
"fe80::/10"
ignore dynamic assigned ip addresses
interface names matching this list of regex will be ignored
regex to match interface name
"^br-[\\da-f]{12}"
"^docker\\d+"
"^lo$"
"^ppp\\d+$"
"^veth"
"^virbr\\d+"
"^vrrp\\d*\\.\\d+$"
interface names matching this list of regex will be ignored
regex to match interface name
"^br-[\\da-f]{12}"
"^docker\\d+"
"^lo$"
"^ppp\\d+$"
"^veth"
"^virbr\\d+"
"^vrrp\\d*\\.\\d+$"
filter routes by options
filter routes by options
filter rules by options
the type of this rule
the priority of this rule
Value must be greater or equal to 0 and lesser or equal to 4294967295
select the source prefix to match
select the destination prefix to match
select the incoming device to match
select the outgoing device to match
routing protocol number (/etc/iproute2/rt_protos)
select the fwmark value to match
select the ip protocol to match
filter rules by options
the type of this rule
the priority of this rule
Value must be greater or equal to 0 and lesser or equal to 4294967295
select the source prefix to match
select the destination prefix to match
select the incoming device to match
select the outgoing device to match
routing protocol number (/etc/iproute2/rt_protos)
select the fwmark value to match
select the ip protocol to match
list of interface settings (link settings and ip addresses)
name of the interface
ip addresses of the interface
"192.0.2.1"
"192.168.0.1/24"
"2001:db8::1/64"
interface depending on vrrp status
related vrrp INSTANCE or GROUP name
failover type
states at which the interface should be configured
link settings of the interface
generic interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
Physical network interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ select interface by permanent address [ethtool -P]
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ select interface by bus info [ethtool -i]
Must be at most 32 characters long
set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
Dummy network interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
VETH/VXCAN interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ specifies a parent device name or index
set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
VLAN interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
specifies a parent device name or index
specifies the VLAN identifier to use
Value must be greater or equal to 0 and lesser or equal to 4094
VXLAN interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
specifies the VNI
Value must be greater or equal to 0 and lesser or equal to 16777215
interface to use for tunnel endpoint communication
IPIP interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
SIT interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
GRE, GRETAP interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
IP6GRE, IP6GRETAP interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
GENEVE interface over IPv4
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
specifies the VNI to use
Value must be greater or equal to 0 and lesser or equal to 16777215
remote IPv4 address of the tunnel
GENEVE interface over IPv6
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
specifies the VNI to use
Value must be greater or equal to 0 and lesser or equal to 16777215
remote IPv4 address of the tunnel
WireGuard interface; WireGuard settings can be configured using a wireguard block
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
XFRM interface
link type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-f0-9]{2}:){5}[a-f0-9]{2}$ set device state
specifies a master device name or index
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
symbolic name for easy reference
underlying interface used to send and receive the transformed traffic
lookup key to match xfrm policies
Value must be greater or equal to 0 and lesser or equal to 4294967295
interface sysctl settings in /proc/sys/net/ipv*/conf/{IFACE}/
settings in /proc/sys/net/ipv4/*/conf/
settings in /proc/sys/net/ipv6/*/conf/
network driver and hardware settings via ethtool(8)
pause parameters
enable pause autonegotiation
enable Rx pause
enable Tx pause
interrupt coalescing
enable pause autonegotiation
enable pause autonegotiation
rx/tx ring parameters
number of ring entries for the Rx ring
number of ring entries for the Rx Mini ring
number of ring entries for the Rx Jumbo ring
number of ring entries for the Tx ring
offload parameters and other features
enable RX checksumming
enable TX checksumming
enable scatter-gather
enable TCP segmentation offload
enable UDP fragmentation offload
enable generic segmentation offload
enable generic receive offload
enable large receive offload
enable RX VLAN acceleration
enable TX VLAN acceleration
enable Rx ntuple filters and actions
enable receive hashing offload
device settings
speed in Mbps
full or half duplex mode
device port selection
MDI-X mode for port
enable autonegotation
speed and duplex advertised by autonegotation
PHY address
transceiver type
Wake-on-LAN options
Must match regular expression:^[pumbagsfd]+$ SecureOnâ„¢ password
Must match regular expression:^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$ driver message flags
driver message flags by number
driver message flags by name
number of channels
number of channels with only receive queues
number of channels with only transmit queues
number of channels used only for other purposes
number of multi-purpose channels
Energy-Efficient Ethernet (according to the IEEE 802.3az specifications)
enable EEE support
assert Tx LPI
sets the speed for which EEE should be enabled (see also change.advertise)
amount of idle time prior asserting Tx LPI (in microseconds)
PHY tunable parameters
enable downshift
enable downshift
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable Fast Link Down
enable Fast Link Down
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable Energy Detect Power Down (EDPD)
enable EDPD
Must contain a minimum of 3 items
Must contain a maximum of 3 items
private flags
Forward Error Correction
FEC encoding
settings for traffic control
enable the ingress qdisc for policing and shaping in ingress
root queueing disciplines
generic classless qdisc
qdisk type
cake - common applications kept enhanced (CAKE)
qdisk type
unique id
ACKnowledge filter
ATM mode
autorate-ingress
diffserv mode
ingress
overhead
Value must be greater or equal to -64 and lesser or equal to 256
flow mode
fwmark
Value must be greater or equal to 0
memlimit
Value must be greater or equal to 0
MPU
Value must be greater or equal to 0 and lesser or equal to 256
NAT
RAW
well-known RTT
manually specify an RTT (us)
Value must be greater or equal to 1
split GSO
target
Value must be greater or equal to 1
wash
choke - choose and keep scheduler
qdisk type
CoDel - Controlled-Delay Active Queue Management algorithm
qdisk type
bfifo - Byte limited First In, First Out queue; pfifo - Packet limited First In, First Out queue
qdisk type
queue size in bytes or packets
fq - Fair Queue traffic policing
qdisk type
hard limit on the real queue size (number of packets)
hard limit on the max number of packets per flow
fq_codel - Fair Queuing (FQ) with Controlled Delay (CoDel)
qdisk type
hard limit on the real queue size (number of packets)
number of flows
generic classful qdisc
qdisk type
classful multiqueue dummy scheduler
qdisk type
list child qdiscs for each device TX queue
child qdiscs for the nth device TX queue
Same definition as interfaces_items_tc_qdiscunique id
filter used by qdiscs
basic - basic traffic control filter
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
mirred - mirror/redirect action
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
match packets using the extended match infrastructure
flow - flow based traffic control filter
filter mode
map to class ID by key
filter mode
hash over keys for class ID calculation
rehashing interval (in seconds)
Value must be greater or equal to 0 and lesser or equal to 294967295
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
mirred - mirror/redirect action
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
offset for the class ID calculation
Value must be greater or equal to 0 and lesser or equal to 65535
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
fw - fwmark traffic control filter
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
mirred - mirror/redirect action
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
fwmark (iptables) to match
Value must be greater or equal to 0
matchall - traffic control filter that matches every packet
unique id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
mirred - mirror/redirect action
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
push matching packets into class
Value must be greater or equal to 0 and lesser or equal to 4294967295
process flags (1: SKIPHW, 2: SKIPSW)
Value must be greater or equal to 0 and lesser or equal to 4294967295
filter type
settings for WireGuard interfaces
local private key (consider to use the !include tag to read the key from file)
port for listening
Value must be greater or equal to 0 and lesser or equal to 65535
fwmark for outgoing packets
Value must be greater or equal to 0 and lesser or equal to 4294967295
list of peer definitions
the peer's public key
initial endpoint IP or hostname
keepalive interval seconds
Value must be greater or equal to 0 and lesser or equal to 65535
list of prefixes in CIDR notation
the type of this route
the output device name
the routing protool identifier of this route
the realm to which this route is assigned
the scope of the destinations covered by the route prefix
the table to add this route to
the destination prefix of the route
address of the nexthop router
the source address to prefer
preference of the route
Value must be greater or equal to 0 and lesser or equal to 4294967295
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
"to_tbl" the type of this rule
the priority of this rule
Value must be greater or equal to 0 and lesser or equal to 4294967295
select the source prefix to match
select the destination prefix to match
select the incoming device to match
select the outgoing device to match
routing protocol number (/etc/iproute2/rt_protos)
select the fwmark value to match
select the ip protocol to match