NetSeven
 My control panel
 Return to article list

Using Linux "ip" command cheat sheet

Published:  29/11/2022 23:00

Introduction

Linux network management used to be entirely done through special files in /proc/* using utilities such as ifconfig, route and netstat.

At some point it became too slow to have to go through all of these special files when a lot of connections can be juggled by powerful Linux systems.

As such, new utilities were created to communicate with specific kernel network APIs instead of the old UNIX way of using special files for everything.

We already talked about ss in our previous article mostly centered around netstat and it doesn't take long to notice that ss is effectively much faster than netstat.

Here's a cheat sheet to start using "ip" instead of the legacy network utilities.

Installing the legacy utilities

If you really need the legacy network tools for some reason (ifconfig, netstat, etc.) you can install them on Debian-based systems through the package manager:

apt install net-tools

Otherwise these tools are absent from recent Linux systems.

The ip command

The utility fills multiple network related roles and allows one to manage:

  • The network interfaces, including bridges;
  • IP addresses;
  • The ARP table;
  • The routing table.

General command structure

All "ip" commands start with optional flags (such as "-c" to enable colore output) then the network object you want to manage (IP addresses, interfaces, ...) then a command related to that specific object.

ip [<OPTIONS>] <OBJECT> [<OBJECT_SPECIFIC_COMMAND>]

The default command is ls which lists the items for the specific network objects.

For instance:

ip a

Will list all of the IP addresses configured on the system.

You can use help as the command to see all of the available commands and sometimes examples for the specified network object.

IP addresses

To list existing IP addresses on the system with color and human readable output:

ip -br -c a

Also shows IP addresses on interfaces that aren't currently up. To get IP addresses from interfaces that are up (like ifconfig does): 

ip -br -c a ls up

To list only IPv4 addresses:

ip -4 a

Adding/removing IP addresses

Adding IP addresses doesn't replace or remove anything that may already exist, it will add a new IP address on top of the others that are already set on that interface.

To remove all the IP addresses set on a specific interface, you can use:

ip a flush dev <IFACE>

Where <IFACE> is the interface name e.g. eth0.

To add an IP address:

ip a add <IP_ADDRESS>/<16> dev <IFACE>

The most surefire way to remove a single IP address is to replicate the line that would add it, but replace the "add" with "del":

ip a del <IP_ADDRESS>/<16> dev <IFACE>

Enable/disable interfaces

First, to list all interfaces (also includes those that are down, like ifconfig -a):

ip -br l

To only show the links that are up:

ip l ls up

Disable an interface:

ip l set dev <IFACE> down

Enable an interface:

ip l set dev <IFACE> up

The routing table

To list the current routing table (replaces the route command):

ip r

The main thing you might want to do with the routing table is adding a default gateway:

ip r add default via <IP_ADDRESS>

Where <IP_ADDRESS> is the IP address of the default gateway you want to use.

To change an existing default gateway, you have to remove it first:

ip r del default

Then add the new one as shown previously.

You should rarely need to do this, but to add a normal route, you'd use:

ip r add <NETWORK/MASK> via <GATEWAY>

Such routes can be deleted using the following shortcut:

ip r del <NETWORK/MASK>

Comments

Loading...