NetworkManager not seeing a connection

Hello, I have Rocky 9.1 and am having major issues w NM

I am storing all configs in flat files in /etc/NetworkManager/system-connections/iface name.conf

  1. on reboot, my network is breaking, for example my em1 iface





If i go to nmtui, it regenerates the UUID constantly and creates a new config file, ie, em1-NEW-UUID.conf

is there any way to pin config files to physical MAC address instead of UUID?

  1. I created a new bonded connection using nmtui,






on reboot, this connection doesnt even show up with nmcli c show

restarting NM and reloading connections doesnt help.

compared to network-scripts, NM is a nightmare to manage.

additionally, I am unable to install the legacy scripts, are they completely gone for this Rocky version?

dnf install network-scripts
Last metadata expiration check: 1:57:21 ago on Wed May  3 22:07:31 2023.
No match for argument: network-scripts
Error: Unable to find a match: network-scripts


network-scripts is long gone in Rocky Linux 9.

You may want the configuration named em1.nmconnection - .conf is not what is used for network manager connections.

If this does not work, I highly recommend starting from scratch with nmcli con del em1 and nmcli con del bond0, ensure that all references of them are gone from /etc/NetworkManager/system-connections, and create a new connections with nmcli con add or nmtui.

From there you can use nmcli con mod or nmtui to configure the rest of your settings. You can also manage them manually if you prefer. See nmcli con show <interface> and it’ll show you all possible options with what they are set to (whether by default or by you).

man nmcli-examples has some semi-useful details.

Yes. Note: NetworkManager does not talk about files. It has devices and connections.
(One can define multiple connections for same device – just not use them simultaneously.)

The installer defines (Ethernet) connections that are bound to devices by MAC.
The nmcli requires ifname and not the MAC, but that can be changed:

nmcli con mod my-con connection.interface-name "" 802-3-ethernet.mac-address 11:22.33:44:55:66

After that the my-con is for device that has MAC 11:22.33:44:55:66 no matter what the name of the device is.

is there way to put this into static cfg file? I want a persistence on reboot and we control all iface+network settings via Salt cfg management

I added this to the iface.nmconnection file,

connection.stable-id=mac  <<<< 

not sure if thats the same functionality as what you posted

is there any way to limit # of connection profiles per device to 1?

I dont understand why theres an option to create multip Connections per Device? whats the point?

if I have a physical NIC connected (device), I want a simple 1:1 configuration for this NIC, ie

MAC: 123456ABC
name: em1

NM keeps creating new connection profiles with new UUIDs every time I go into nmtui and edit a connection.

My guess is NM is designed for all kinds of machines, not just rack servers, ie laptops with wifi networks, so each time you connect to new wifi channel, thats a new Connectioin profile running on the wireless NIC, is this correct?

but these are rack servers, the requirements are totally different from other machines like laptops + iOT devices, just need a simple network config tool that is persistent on reboots

Have you tried the suggestion of making sure the files in /etc/NetworkManager/system-connections are .nmconnection and not .conf?

On server you probably do want package NetworkManager-config-server, like its description says.

I have not had nmtui create additional connections. Then again, I do use nmcli most of the time.
The nmcli does write changes to files, so the settings you make with it ougth to be “persistent”.

(FirewallD, which you probably don’t want in server either, does have separate “runtime” and “permanent” commands. The nftables.service is more the “drop in correct files” solution.)

Red Hat’s alternative supports Ansible and there is for iface+network settings. It can’t do all the tricks yet, but Ansible collections do have a nmcli role that covers some more cases.

That cfg management is able to use NetworkManager as a backend, so the user does not care about “nmconnection files”. Is Salt limited to “files directly” approach?

yes, all the config files have .nmconnection extension

ll /etc/NetworkManager/system-connections/
total 28K
-rw------- 1 root root 5.5K May  4 10:45 con-bond0.nmconnection
-rw------- 1 root root  507 May  4 10:45 con-em1.nmconnection
-rw------- 1 root root  520 May  4 10:45 con-p1p1.nmconnection
-rw------- 1 root root  480 May  4 10:45 con-p1p2.nmconnection
-rw------- 1 root root  520 May  4 10:45 con-p2p1.nmconnection
-rw------- 1 root root  480 May  4 12:23 con-p2p2.nmconnection

I also pinned each iface conn with a MAC address,

cat /etc/NetworkManager/system-connections/con-em1.nmconnection 






yes, salt doesnt have full support for NM yet, Im managing iface configs + routes in Salt via jinja templates which translate to flat config files on the target

RH doc about the “keyfile format”:

FirewallD, which you probably don’t want in server either, does have separate “runtime” and “permanent” commands. The nftables.service is more the “drop in correct files” solution.

Sorry if this is not related to the thread, but could you clarify more on this point? As far as I know, nftables is the backend of firewalld. Is it recommended to disable firewalld and just use nftables directly? I find it much more flexible to use it that way.

The kernel in el8 anh el9 has nf_tables, so yes the firewald.service does use nftables backend.
Red Hat writes in Configuring firewalls and packet filters Red Hat Enterprise Linux 9 | Red Hat Customer Portal

  • firewalld: Use the firewalld utility for simple firewall use cases. The utility is easy to use and covers the typical use cases for these scenarios.
  • nftables: Use the nftables utility to set up complex and performance-critical firewalls, such as for a whole network.

That wording has changed over time. It used to hint more that FirewallD is not for “real work”.
Before 8.7/9.1 the FirewallD in EL did not support routers properly.

You can configure FirewallD by dropping files under `/etc/firewalld/ but on server
you typically have rather static ruleset (no changes due to interfaces going up or down)
and – for those, who know what they do™ – well-crafted ruleset is probably “lean and mean”.