Linux Tutorials

RHEL Version Comparison: Key Differences Between RHEL 6, 7, 8, 9, and 10

Maximilian B. 18 min read 58 views

Why These Differences Matter

Red Hat Enterprise Linux has anchored production datacenters since 2002. Each major release changes core subsystems that directly affect how you provision, manage, and troubleshoot servers every day. If you are migrating from RHEL 6 to RHEL 10, you are not merely upgrading a kernel. You are crossing five generations of architectural decisions: SysVinit to systemd, yum to dnf, iptables to nftables, Docker to Podman 5, and now cgroups v1 to cgroups v2 exclusively.

With RHEL 10 released in May 2025, the gap between legacy and current is wider than ever. RHEL 10 drops 32-bit packages entirely, removes iptables from active maintenance, kills the ifcfg network configuration format, rips out Xorg in favor of Wayland, and requires CPUs with AVX2 support (x86-64-v3). A sysadmin who assumes the new version works like the old one will hit breakage on day one.

This article walks through the practical, hands-on differences between RHEL 6, 7, 8, 9, and 10. It is written for working administrators planning migrations, managing mixed-version fleets, or preparing for RHCSA/RHCE certification.

Timeline and Support Lifecycle

Red Hat follows a predictable lifecycle for each major version: roughly 10 years of full plus maintenance support, with optional Extended Life-cycle Support (ELS) beyond that. Knowing where each version sits determines whether you should patch in place, migrate, or declare end-of-life.

Version Release Based On Kernel Full Support Maintenance End ELS End
RHEL 6 Nov 2010 Fedora 12/13 2.6.32 May 2017 Nov 2020 Jun 2024
RHEL 7 Jun 2014 Fedora 19/20 3.10 Aug 2019 Jun 2024 Jun 2028
RHEL 8 May 2019 Fedora 28 4.18 May 2024 May 2029 May 2032
RHEL 9 May 2022 Fedora 34 5.14 May 2027 May 2032 May 2035
RHEL 10 May 2025 Fedora 40 6.12 LTS May 2030 May 2035 TBD

RHEL 6 reached its absolute end of life (including ELS) in June 2024. No more patches, period. RHEL 7 is in ELS until June 2028 but receives only critical fixes. RHEL 8 entered maintenance in May 2024. RHEL 9 remains in full support. RHEL 10, the newest release, carries full support through May 2030 and maintenance through May 2035.

RHEL version lifecycle timeline showing support windows from RHEL 6 through RHEL 10

What RHEL 10 Changes for You

RHEL 10 is not an incremental update. It is a clean break from several legacy subsystems that had been carried forward for years. Here is what changed:

The Big Additions

  • Kernel 6.12 LTS with improved io_uring, better eBPF support, and enhanced hardware enablement
  • x86-64-v3 minimum — RHEL 10 requires CPUs with AVX2, BMI1/BMI2, FMA, and MOVBE. Pre-Haswell Intel and pre-Excavator AMD will not boot
  • Podman 5.x with Netavark networking (replacing CNI plugins) and pasta (replacing slirp4netns) for rootless containers
  • cgroups v2 only — cgroups v1 is completely removed, not just deprecated
  • Image mode (bootc) — container-native OS deployment where the entire OS is managed as a container image
  • Post-quantum cryptography — ML-KEM (Kyber) and ML-DSA (Dilithium) support in OpenSSL 3.2.2 and OpenSSH 9.9
  • Valkey 8.0 replaces Redis as the default in-memory data store
  • Python 3.12, GCC 14.2, systemd 256, SELinux 3.8, GNOME 47

The Big Removals

  • 32-bit i686 packages — completely gone. No multilib, no 32-bit wine, no legacy 32-bit applications
  • iptables — deprecated and unmaintained. nftables is the only supported firewall backend
  • dhclient (ISC DHCP) — removed. NetworkManager uses its internal DHCP client exclusively
  • teamd/libteam — removed. Use kernel bonding instead
  • ifcfg network config files — removed. NetworkManager uses keyfile format only
  • Xorg display server — removed. Wayland only, with Xwayland for legacy X11 applications
  • XFS V4 on-disk format — cannot mount filesystems created before RHEL 7.3
  • libdb (Berkeley DB) — removed from the distribution
  • ipset — deprecated alongside iptables

Init System: SysVinit to systemd

The change that hit hardest happened between RHEL 6 and 7: SysVinit was replaced by systemd as PID 1.

RHEL 6: SysVinit

RHEL 6 uses traditional SysVinit with /etc/init.d/ scripts and runlevels 0 through 6. Services are managed with service and chkconfig:

# RHEL 6 service management
service httpd start
service httpd status
chkconfig httpd on          # enable at boot
chkconfig --list httpd      # show runlevel config

# Check runlevel
runlevel
# Output: N 3

Boot order is determined by numbered symlinks in /etc/rc.d/rcN.d/. Services start sequentially, making boot times slow on machines with many services.

RHEL 7 through 10: systemd

RHEL 7 introduced systemd, and every release since has expanded its role. Services are unit files managed with systemctl:

# RHEL 7/8/9/10 service management
systemctl start httpd
systemctl status httpd
systemctl enable httpd       # enable at boot
systemctl enable --now httpd # enable AND start in one command

# View logs for a unit
journalctl -u httpd --since "1 hour ago"

# List failed units
systemctl --failed

Runlevels are replaced by targets. The mapping:

  • Runlevel 3 = multi-user.target
  • Runlevel 5 = graphical.target
  • Runlevel 1 = rescue.target

RHEL 10 ships systemd 256, which adds improvements to portable services, credential handling, and soft-reboot capabilities. The old service and chkconfig wrappers still exist on RHEL 7-9 but should not be relied upon in new automation.

Init system evolution flowchart from SysVinit to systemd 256 across RHEL versions

Package Management: yum to dnf

RHEL 6 and 7: yum

Both RHEL 6 and 7 use yum (Yellowdog Updater Modified). The underlying resolver and plugin system differ slightly between versions, but the CLI is essentially the same:

# RHEL 6/7 package management
yum install nginx
yum update
yum remove nginx
yum search "web server"
yum info nginx
yum groupinstall "Development Tools"

# List enabled repos
yum repolist

RHEL 8, 9, and 10: dnf

RHEL 8 replaced yum with dnf (Dandified YUM). On RHEL 8 and 9, a yum symlink points to dnf for backward compatibility. RHEL 8 also introduced Application Streams (modules) to deliver multiple versions of language runtimes and tools:

# RHEL 8/9/10 package management
dnf install nginx
dnf update
dnf remove nginx
dnf search "web server"

# Application streams (RHEL 8/9/10)
dnf module list
dnf module enable nodejs:20
dnf module install nodejs:20

# View transaction history
dnf history
dnf history undo 15

RHEL 10 continues with dnf and further refines module support. The yum compatibility symlink remains available, but all new documentation and tooling references dnf exclusively.

Default Filesystem: ext4 to XFS

RHEL 6: ext4

RHEL 6 uses ext4 as its default filesystem. XFS is available but not the default. ext4 supports volumes up to 16 TiB and files up to 16 TiB.

RHEL 7 through 10: XFS

Starting with RHEL 7, XFS became the default filesystem. XFS handles large files and parallel I/O workloads more efficiently than ext4 and supports volumes up to 500 TiB (on RHEL 7+).

# Check filesystem type
df -Th /

# Create XFS filesystem
mkfs.xfs /dev/sdb1

# Grow XFS online (XFS cannot shrink)
xfs_growfs /mount/point

# Repair XFS (must be unmounted)
xfs_repair /dev/sdb1

RHEL 10 breaking change: XFS V4 on-disk format support is removed. If you have XFS filesystems created before RHEL 7.3, they use the V4 format and cannot be mounted on RHEL 10. You must back up the data and recreate the filesystem with V5 format before migrating. Check your format version with:

# Check XFS on-disk format version
xfs_db -r -c "version" /dev/sdb1
# V5 filesystems show "CRC" in the features list

# Alternative: check ftype support (V5 indicator)
xfs_info /mount/point | grep ftype
# ftype=1 means V5 format

Firewall: iptables to nftables

The firewall stack has evolved across every RHEL generation, and RHEL 10 draws a hard line.

RHEL 6: iptables (raw)

RHEL 6 uses raw iptables with rules saved in /etc/sysconfig/iptables:

# RHEL 6 firewall management
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
service iptables save
service iptables restart

RHEL 7: firewalld + iptables backend

RHEL 7 introduced firewalld as the management layer, but iptables remained the backend:

# RHEL 7 firewalld with iptables backend
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
firewall-cmd --list-all

RHEL 8 and 9: firewalld + nftables backend

RHEL 8 switched firewalld's backend from iptables to nftables. Raw iptables commands still worked (via a compatibility layer), but nft became the underlying engine:

# RHEL 8/9 firewalld (nftables backend)
firewall-cmd --add-port=8080/tcp --permanent
firewall-cmd --reload

# Direct nftables usage
nft list ruleset
nft add rule inet filter input tcp dport 443 accept

RHEL 10: nftables only, iptables deprecated

RHEL 10 marks iptables as deprecated and unmaintained. The iptables packages may still be installable, but they receive no bug fixes or security patches. The ipset utility is also deprecated. If you have automation or scripts using raw iptables syntax, you must migrate to nft or firewalld:

# RHEL 10: translate iptables rules to nftables
iptables-translate -A INPUT -p tcp --dport 22 -j ACCEPT
# Output: nft add rule ip filter INPUT tcp dport 22 counter accept

# Translate an entire iptables-save file
iptables-restore-translate -f /path/to/iptables-rules.txt

# Verify current nftables ruleset
nft list ruleset
Comparison of iptables versus nftables firewall architecture across RHEL versions

Container Runtime: Docker to Podman 5

The container story across RHEL versions followed the same direction as the wider industry: away from monolithic daemons and toward daemonless, rootless tools.

RHEL 6: No native containers

RHEL 6 predates the Docker era. Containers were not a supported workflow. LXC was technically possible but not part of the standard distribution.

RHEL 7: Docker

RHEL 7 shipped Docker as the supported container runtime. The docker daemon ran as root:

# RHEL 7 Docker
systemctl start docker
docker pull nginx
docker run -d -p 80:80 nginx

RHEL 8 and 9: Podman (daemonless)

RHEL 8 replaced Docker with Podman, Buildah, and Skopeo. Podman runs containers without a central daemon and supports rootless operation out of the box:

# RHEL 8/9 Podman
podman pull nginx
podman run -d -p 80:80 nginx

# Rootless containers (no root required)
podman run --rm -it fedora bash

# Generate systemd unit from container
podman generate systemd --new --name myapp

RHEL 10: Podman 5, Netavark, pasta, cgroups v2

RHEL 10 ships Podman 5.x with major networking and resource management changes:

  • Netavark replaces CNI plugins as the container networking stack. It is faster, supports DNS by default, and integrates better with Podman
  • pasta (from passt) replaces slirp4netns for rootless container networking, delivering near-native network performance
  • cgroups v2 only — cgroups v1 is removed from the kernel config. All container resource limits use the unified cgroups v2 hierarchy
# RHEL 10 Podman 5
podman run -d --name web -p 8080:80 nginx

# Verify networking backend
podman info | grep -i network
# networkBackend: netavark

# Verify cgroups version
cat /sys/fs/cgroup/cgroup.controllers
# Output: cpuset cpu io memory hugetlb pids rdma misc

# Quadlet: define containers as systemd units (RHEL 10 preferred method)
# Create ~/.config/containers/systemd/webapp.container
cat <<'EOF' > ~/.config/containers/systemd/webapp.container
[Container]
Image=docker.io/library/nginx:latest
PublishPort=8080:80
Volume=./html:/usr/share/nginx/html:Z

[Service]
Restart=always

[Install]
WantedBy=default.target
EOF

systemctl --user daemon-reload
systemctl --user start webapp

If your orchestration depends on cgroups v1 (some older Kubernetes setups, legacy Docker Compose configurations), it will break on RHEL 10. Test thoroughly before migrating container hosts.

Container runtime evolution from Docker to Podman 5 across RHEL versions

Networking: Scripts to NetworkManager

Network configuration has frustrated admins for years, and RHEL 10 finally kills the legacy formats.

RHEL 6: network-scripts

RHEL 6 uses the traditional /etc/sysconfig/network-scripts/ifcfg-* files and the network service:

# RHEL 6 /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes

# Restart networking
service network restart

RHEL 7: NetworkManager + ifcfg compatibility

RHEL 7 made NetworkManager the default but kept full ifcfg file support. Both nmcli and manual ifcfg editing worked:

# RHEL 7 using nmcli
nmcli con add type ethernet ifname eth0 con-name eth0 \
  ip4 192.168.1.10/24 gw4 192.168.1.1
nmcli con up eth0

# ifcfg files still fully supported on RHEL 7

RHEL 8 and 9: NetworkManager preferred, ifcfg deprecated

RHEL 8 and 9 keep ifcfg file support but mark it as deprecated. The nmcli and nmtui tools are the documented interface:

# RHEL 8/9 NetworkManager
nmcli con mod eth0 ipv4.addresses 192.168.1.10/24
nmcli con mod eth0 ipv4.gateway 192.168.1.1
nmcli con mod eth0 ipv4.method manual
nmcli con up eth0

RHEL 10: keyfiles only, ifcfg and teamd removed

RHEL 10 removes ifcfg format support entirely. NetworkManager stores connections as keyfiles in /etc/NetworkManager/system-connections/. Additionally, teamd/libteam is removed; use kernel bonding instead.

# RHEL 10 keyfile format: /etc/NetworkManager/system-connections/eth0.nmconnection
[connection]
id=eth0
type=ethernet
interface-name=eth0

[ipv4]
method=manual
address1=192.168.1.10/24,192.168.1.1
dns=8.8.8.8;8.8.4.4;

[ipv6]
method=auto

# Migration: convert ifcfg to keyfile BEFORE upgrading to RHEL 10
nmcli con migrate        # converts all ifcfg files to keyfiles

# RHEL 10 DHCP: dhclient is removed, NM internal DHCP only
# No configuration needed; NetworkManager handles DHCP natively

# Bonding (replaces teamd on RHEL 10)
nmcli con add type bond ifname bond0 bond.options "mode=802.3ad,miimon=100"
nmcli con add type ethernet ifname eth0 master bond0
nmcli con add type ethernet ifname eth1 master bond0
nmcli con up bond0

Security Evolution

Every RHEL release has raised the security bar. RHEL 10 adds post-quantum cryptography and tighter crypto policies.

Crypto Policies Across Versions

Feature RHEL 6 RHEL 7 RHEL 8 RHEL 9 RHEL 10
OpenSSL 1.0.1 1.0.2 1.1.1 3.0.x 3.2.2 (3.5 in 10.1)
OpenSSH 5.3 7.4 8.0 8.7 9.9
SELinux Targeted Targeted Targeted Targeted (3.5) Targeted (3.8)
Crypto Policies N/A N/A System-wide System-wide System-wide + PQC
Post-Quantum No No No No ML-KEM, ML-DSA

RHEL 10 Post-Quantum Cryptography

RHEL 10 includes support for NIST-standardized post-quantum algorithms: ML-KEM (formerly Kyber) for key encapsulation and ML-DSA (formerly Dilithium) for digital signatures. These protect against future quantum computer attacks on key exchange.

# RHEL 10: check system-wide crypto policy
update-crypto-policies --show
# DEFAULT

# Set a stricter policy
update-crypto-policies --set FUTURE

# SSH with post-quantum key exchange (RHEL 10)
# OpenSSH 9.9 supports ML-KEM hybrid key exchange automatically
# when both client and server support it

# Check supported key exchange algorithms
ssh -Q kex
# ... includes mlkem768x25519-sha256

System-wide Crypto Policies (RHEL 8+)

On RHEL 8 and later, the update-crypto-policies command sets minimum TLS versions, cipher suites, and key lengths for all applications at once. This eliminates the need to configure crypto settings per-application:

# Set policy for all crypto libraries
update-crypto-policies --set DEFAULT
# Options: LEGACY, DEFAULT, FUTURE, FIPS

# Allow legacy connections when needed
update-crypto-policies --set DEFAULT:SHA1
Security feature evolution infographic across RHEL 6 through RHEL 10

Python and Toolchain Versions

Language runtimes and compilers change with each release. This table shows the defaults:

Component RHEL 6 RHEL 7 RHEL 8 RHEL 9 RHEL 10
Python 2.6 2.7 3.6 (2.7 avail) 3.9 3.12
GCC 4.4 4.8 8.5 11.x 14.2
glibc 2.12 2.17 2.28 2.34 2.39
Perl 5.10 5.16 5.26 5.32 5.40
Ruby 1.8 2.0 2.5 (3.1 stream) 3.1 3.3
PHP 5.3 5.4 7.2 (8.x stream) 8.0 (8.2 stream) 8.3

The Python situation is worth breaking down separately. RHEL 6 and 7 shipped Python 2 as the system default. RHEL 8 was the transition release: Python 3.6 was default, but Python 2.7 was available as an installable package. RHEL 9 dropped Python 2 entirely, shipping Python 3.9. RHEL 10 moves to Python 3.12 with its improved error messages, performance gains, and tomllib in the standard library.

# RHEL 6/7: python points to Python 2
python --version
# Python 2.6.6 (RHEL 6) or Python 2.7.5 (RHEL 7)

# RHEL 8: explicit version required
python3 --version   # Python 3.6.8
# "python" command doesn't exist by default on RHEL 8
# Use alternatives to set it:
alternatives --set python /usr/bin/python3

# RHEL 9/10: python3 is default
python3 --version
# Python 3.9.x (RHEL 9) or Python 3.12.x (RHEL 10)

Full Comparison Table

This master table puts every major component side by side across all five RHEL versions:

Component RHEL 6 RHEL 7 RHEL 8 RHEL 9 RHEL 10
Kernel 2.6.32 3.10 4.18 5.14 6.12 LTS
Init System SysVinit systemd systemd systemd systemd 256
Package Mgr yum yum dnf dnf dnf
Default FS ext4 XFS (V4/V5) XFS (V5) XFS (V5) XFS (V5 only)
Firewall iptables firewalld/iptables firewalld/nftables firewalld/nftables firewalld/nftables
Containers N/A Docker Podman 1.x-4.x Podman 4.x Podman 5.x
Networking network-scripts NM + ifcfg NM + ifcfg (depr) NM + ifcfg (depr) NM keyfiles only
DHCP Client dhclient dhclient dhclient / NM dhclient / NM NM internal only
NTP ntpd ntpd / chrony chrony chrony chrony
Display Xorg Xorg Xorg + Wayland Wayland (Xorg avail) Wayland only
Desktop GNOME 2 GNOME 3 GNOME 3.28 GNOME 40+ GNOME 47
cgroups v1 v1 v1 (v2 avail) v2 default (v1 avail) v2 only
32-bit Full Multilib Multilib Multilib (reduced) Removed
CPU Arch Min x86-64 x86-64 x86-64 x86-64-v2 x86-64-v3

Removed and Deprecated in RHEL 10

This section lists everything that was removed or deprecated in RHEL 10. If you are planning a migration from RHEL 8 or 9, audit your systems for each of these:

Removed Components

Removed Replacement Action Required
cgroups v1 cgroups v2 Update container orchestration and monitoring tools
ifcfg config files NetworkManager keyfiles Run nmcli con migrate before upgrade
dhclient (ISC DHCP) NM internal DHCP Remove dhclient-specific configs; NM handles DHCP
teamd / libteam Kernel bonding Convert team interfaces to bond interfaces
Xorg server Wayland + Xwayland Test GUI apps under Wayland; Xwayland handles most X11 apps
XFS V4 format XFS V5 Back up and recreate pre-RHEL 7.3 XFS filesystems
i686 (32-bit) packages None Port or containerize 32-bit applications
libdb (Berkeley DB) SQLite, LMDB, GDBM Migrate applications using BDB to alternatives
CNI plugins (containers) Netavark Update Podman network configs; Netavark is automatic

Deprecated (Still Present, No Maintenance)

Deprecated Replacement Notes
iptables nftables / firewalld No security patches; migrate all iptables rules
ipset nftables sets Use nft set syntax for IP lists
Redis Valkey 8.0 Valkey is a fork; protocol-compatible, drop-in replacement

Migration Paths

Red Hat supports in-place upgrades between consecutive major versions using the leapp tool. The supported path is always one version at a time: 7 to 8, 8 to 9, and 9 to 10. There is no supported direct jump from RHEL 7 to RHEL 10.

General leapp Workflow

# Install leapp (on the source system)
dnf install leapp-upgrade    # RHEL 8/9
yum install leapp-upgrade    # RHEL 7

# Run pre-upgrade assessment
leapp preupgrade

# Review the report
cat /var/log/leapp/leapp-report.txt
# Address all inhibitors before proceeding

# Perform the upgrade
leapp upgrade

# Reboot into the upgrade environment
reboot

RHEL 9 to RHEL 10 Specific Guidance

Before running leapp upgrade from RHEL 9 to 10, address these items proactively:

  1. Check CPU compatibility — Verify your hardware supports x86-64-v3 (AVX2). If not, RHEL 10 will not install: 
    # Check for x86-64-v3 support
/lib64/ld-linux-x86-64.so.2 --help 2>&1 | grep "x86-64-v3"
# Or check for AVX2 directly
grep avx2 /proc/cpuinfo
  2. Convert network configs — Migrate ifcfg files to keyfiles before upgrading: 
    nmcli con migrate
# Verify the conversion
ls /etc/NetworkManager/system-connections/
  3. Convert team to bond — If using teamd, recreate those interfaces as bonds: 
    # Delete team interface
nmcli con delete team0
nmcli con delete team0-port1
nmcli con delete team0-port2

# Recreate as bond
nmcli con add type bond ifname bond0 bond.options "mode=802.3ad"
nmcli con add type ethernet ifname eth0 master bond0
nmcli con add type ethernet ifname eth1 master bond0
  4. Verify XFS format version — Ensure no V4 XFS filesystems remain: 
    # Check all mounted XFS filesystems
mount -t xfs | while read dev on mp rest; do
  echo "=== $dev ($mp) ==="
  xfs_info "$mp" | grep -E "meta-data|crc|ftype"
done
  5. Audit iptables usage — Convert any raw iptables rules to nftables: 
    # Export current rules for translation
iptables-save > /root/iptables-backup.txt
iptables-restore-translate -f /root/iptables-backup.txt > /root/nftables-rules.nft
  6. Test container workloads — Verify all containers work with cgroups v2 and Podman 5
  7. Check for 32-bit dependencies — List any i686 packages and find 64-bit alternatives: 
    rpm -qa --qf '%{NAME}.%{ARCH}\n' | grep i686

Image Mode (bootc) as an Alternative

RHEL 10 introduces Image Mode, where the OS itself is delivered as a container image. Instead of traditional package-based upgrades, you build a container image with your desired OS state, and bootc applies it atomically:

# Pull and apply a RHEL 10 bootc image
bootc switch registry.redhat.io/rhel10/rhel-bootc:10.0

# Update to a new image version
bootc upgrade

# Roll back to previous image
bootc rollback

Image mode works well for immutable infrastructure and edge deployments where you need reproducible, atomic OS updates.

Quick Reference — Cheats

Grab what you need. Each block shows the same task across RHEL versions.

Service Management

# Start a service
service httpd start              # RHEL 6
systemctl start httpd            # RHEL 7/8/9/10

# Enable at boot
chkconfig httpd on               # RHEL 6
systemctl enable httpd           # RHEL 7/8/9/10
systemctl enable --now httpd     # RHEL 7/8/9/10 (enable + start)

# Check status
service httpd status             # RHEL 6
systemctl status httpd           # RHEL 7/8/9/10

# View logs
cat /var/log/httpd/error_log     # RHEL 6
journalctl -u httpd -f           # RHEL 7/8/9/10

Package Management

# Install a package
yum install nginx                # RHEL 6/7
dnf install nginx                # RHEL 8/9/10

# Update all packages
yum update                       # RHEL 6/7
dnf update                       # RHEL 8/9/10

# Search for a package
yum search nginx                 # RHEL 6/7
dnf search nginx                 # RHEL 8/9/10

# List installed packages
yum list installed               # RHEL 6/7
dnf list installed               # RHEL 8/9/10

# Enable a module stream
dnf module enable nodejs:20      # RHEL 8/9/10

Firewall Management

# Open a port
iptables -A INPUT -p tcp --dport 80 -j ACCEPT && service iptables save     # RHEL 6
firewall-cmd --add-service=http --permanent && firewall-cmd --reload       # RHEL 7/8/9/10

# List firewall rules
iptables -L -n                        # RHEL 6
firewall-cmd --list-all               # RHEL 7/8/9/10
nft list ruleset                      # RHEL 8/9/10 (direct nftables)

# Translate iptables to nftables (RHEL 10 migration)
iptables-translate -A INPUT -p tcp --dport 443 -j ACCEPT

Network Configuration

# Set a static IP
vi /etc/sysconfig/network-scripts/ifcfg-eth0    # RHEL 6/7 (ifcfg format)

nmcli con mod eth0 ipv4.addresses 10.0.0.5/24   # RHEL 7/8/9/10
nmcli con mod eth0 ipv4.gateway 10.0.0.1
nmcli con mod eth0 ipv4.method manual
nmcli con up eth0

# View connections
nmcli con show                                    # RHEL 7/8/9/10

# Convert ifcfg to keyfiles (pre-RHEL 10 migration)
nmcli con migrate                                 # RHEL 9 (before upgrading to 10)

# View connection file (RHEL 10 keyfile)
cat /etc/NetworkManager/system-connections/eth0.nmconnection

Container Operations

# Run a container
docker run -d -p 80:80 nginx         # RHEL 7 (Docker)
podman run -d -p 80:80 nginx         # RHEL 8/9/10 (Podman)

# List running containers
docker ps                             # RHEL 7
podman ps                             # RHEL 8/9/10

# Build an image
docker build -t myapp .               # RHEL 7
podman build -t myapp .               # RHEL 8/9/10
buildah bud -t myapp .                # RHEL 8/9/10 (alternative)

# Generate systemd service from container
podman generate systemd --new myapp   # RHEL 8/9
# RHEL 10: use Quadlet files instead (see Containers section above)

System Information

# Check RHEL version
cat /etc/redhat-release              # All versions

# Check kernel version
uname -r                             # All versions

# Check architecture level (RHEL 10 requires v3)
/lib64/ld-linux-x86-64.so.2 --help 2>&1 | grep supported
# x86-64-v3 (supported, searched)

# Check cgroups version
stat -fc %T /sys/fs/cgroup/          # All versions
# "cgroup2fs" = v2, "tmpfs" = v1

# Check filesystem format
xfs_info /mount/point                # XFS details
df -Th                               # All filesystems with type

Crypto and Security

# Check crypto policy (RHEL 8/9/10)
update-crypto-policies --show

# Set crypto policy
update-crypto-policies --set FUTURE       # Strict
update-crypto-policies --set DEFAULT      # Standard
update-crypto-policies --set FIPS         # FIPS 140 mode

# Check SELinux status
getenforce                                # All versions
sestatus                                  # All versions

# Set SELinux mode
setenforce 0                              # Permissive (temporary)
vi /etc/selinux/config                    # Persistent change
RHEL Sysadmin linux linux-admin
Share this article
X / Twitter LinkedIn Reddit
Related Articles

Continue Reading

Build a Raspberry Pi SMS Server with a GSM Modem
Linux Tutorials

Build a Raspberry Pi SMS Server with a GSM Modem

Turn a Raspberry Pi and a GSM modem into an SMS gateway that monitors and controls remote equipment...

3 min
sched_ext: Build Custom CPU Schedulers with eBPF on Linux
Linux Tutorials

sched_ext: Build Custom CPU Schedulers with eBPF on Linux

Linux kernel 6.12 lets you write, load, and hot-swap CPU schedulers at runtime using eBPF. Build...

6 min
Oracle Linux on Raspberry Pi 4: Enterprise Linux on ARM
Linux Tutorials

Oracle Linux on Raspberry Pi 4: Enterprise Linux on ARM

Run Oracle Linux on a Raspberry Pi 4 for an enterprise-grade ARM lab. Installation, UEK kernel,...

4 min