mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-07 00:31:11 +00:00
examples: add ipv4.dhcp-client-id and ipv6.dhcp-duid to 30-anon.conf example
This commit is contained in:
parent
92b8161578
commit
fd878d8261
|
@ -1,39 +1,44 @@
|
|||
# Example configuration snippet for NetworkManager to
|
||||
# overwrite some default value for more privacy.
|
||||
# Put it for example to /etc/NetworkManager/conf.d/30-anon.conf
|
||||
# Drop this file for example to /etc/NetworkManager/conf.d/30-anon.conf
|
||||
#
|
||||
# See man NetworkManager.conf(5) for how default values
|
||||
# work. See man nm-settings(5) for the connection properties.
|
||||
#
|
||||
#
|
||||
# This enables privacy setting by default. The defaults
|
||||
# This enables some privacy setting by default. The defaults
|
||||
# apply only to settings that do not explicitly configure
|
||||
# a per-connection override.
|
||||
# That means, if the connection profile has
|
||||
#
|
||||
# $ nmcli connection show "$CON_NAME" |
|
||||
# grep '^\(connection.stable-id\|ipv6.addr-gen-mode\|ipv6.ip6-privacy\|802-11-wireless.cloned-mac-address\|802-11-wireless.mac-address-randomization\|802-3-ethernet.cloned-mac-address\)'
|
||||
# grep '^\(connection.stable-id\|ipv6.addr-gen-mode\|ipv6.ip6-privacy\|802-11-wireless.cloned-mac-address\|802-11-wireless.mac-address-randomization\|802-3-ethernet.cloned-mac-address\|ipv4.dhcp-client-id\|ipv6.dhcp-duid\)'
|
||||
# connection.stable-id: --
|
||||
# 802-3-ethernet.cloned-mac-address: --
|
||||
# 802-11-wireless.cloned-mac-address: --
|
||||
# 802-11-wireless.mac-address-randomization:default
|
||||
# ipv4.dhcp-client-id: --
|
||||
# ipv6.ip6-privacy: -1 (unknown)
|
||||
# ipv6.addr-gen-mode: stable-privacy
|
||||
# ipv6.dhcp-duid: --
|
||||
#
|
||||
# then the default values are inherited and thus both the MAC
|
||||
# address and the IPv6 host identifier are randomized.
|
||||
# address, IPv6 host identifier, and DHCP identifiers are randomized.
|
||||
# Also, ipv6 private addresses (RFC4941) are used in
|
||||
# addition.
|
||||
#
|
||||
#
|
||||
# The connection's stable-id is really a token associated with the identity
|
||||
# of the connection. It means, by setting it to different values, different
|
||||
# addresses and DHCP options are generated.
|
||||
# For some profiles it can make sense to reuse the same stable-id
|
||||
# (and thus MAC address and IPv6 host identifier) for the duration
|
||||
# (and thus share MAC address and IPv6 host identifier) for the duration
|
||||
# of the current boot, but still exclusive to the connection profile.
|
||||
# Thus, explicitly set the stable-id like:
|
||||
#
|
||||
# $ nmcli connection modify "$CON_NAME" connection.stable-id '${CONNECTION}/${BOOT}'
|
||||
#
|
||||
# ... or keep it stable accross reboots, still distinct per profile:
|
||||
# ... or keep it stable accross reboots, but still distinct per profile:
|
||||
#
|
||||
# $ nmcli connection modify "$CON_NAME" connection.stable-id '${CONNECTION}'
|
||||
#
|
||||
|
@ -53,3 +58,23 @@ connection.stable-id=${RANDOM}
|
|||
ethernet.cloned-mac-address=stable
|
||||
wifi.cloned-mac-address=stable
|
||||
ipv6.ip6-privacy=2
|
||||
|
||||
# RFC 7844 "DHCP Anonymity Profiles" mandates in combination with
|
||||
# MAC address randomization:
|
||||
# connection.stable-id=${RANDOM}
|
||||
# ethernet.cloned-mac-address=stable
|
||||
# wifi.cloned-mac-address=stable
|
||||
# ipv4.dhcp-client-id=mac
|
||||
# ipv6.dhcp-duid=ll
|
||||
# In case, the interface cannot use MAC address randomization,
|
||||
# RFC 7844 recomments
|
||||
# connection.stable-id=${RANDOM}
|
||||
# ipv4.dhcp-client-id=stable
|
||||
# ipv6.dhcp-duid=stable-llt
|
||||
# See https://tools.ietf.org/html/rfc7844#section-3.5
|
||||
# https://tools.ietf.org/html/rfc7844#section-4.3
|
||||
#
|
||||
# In this example however, the defaults are set to a stable identifier
|
||||
# depending on the connection.stable-id.
|
||||
ipv4.dhcp-client-id=stable
|
||||
ipv6.dhcp-duid=stable-uuid
|
||||
|
|
Loading…
Reference in a new issue