description
NSH is a CLI intended for OpenBSD-based network appliances. It replaces
ifconfig, sysctl and route with its own simple command language, and
consolidates configuration for other daemons into one place, effectively
replacing /etc/netstart and parts of /etc/rc for appliance-style usage.
NSH presents the user with a vaguely cisco-like
interface with all configuration in one easy to read text list.
It also gives the user access to system information and
diagnostics. NSH replaces the userland commands which handle these functions,
and talks directly to the OpenBSD kernel or control utility for daemon functionality.
Supported external utilities:
tftpd, npppd, inetd, smtpd, ldapd, ifstated
bgpd, dhcpd, dhcpleased, dhcrelay, dvmrpd, eigrpd, ftp-proxy, ifstated, inetd,
iked, ipsecctl, ldapd, ldpd, npppd, ntpd, ospfd, ospf6d, pf, rad, relayd,
resolvd, ripd, sasyncd, slaacd, smtpd, snmpd, sshd, tftpd, tftp-proxy.
license
NSH is completely free, it only incorporates code with BSD-style licenses.
status
Follow OpenBSD ports (shells/nsh) or the github repository for updates. NSH 1.2 is the latest release.
New in 1.2:
- tab-completion improvements
- make autoconf4 work on pppoe interfaces
- add interface-context inet and inet6 commands
- add ipcp command which configures IPCP on pppoe interfaces
- require privileged mode for the configure command
- enable secret now performs some password sanity checks
- add show pfcommands to display pf firewall status
- make some top-level commands available in interface/bridge context
- add show ipcommand which provides an overview of IP addresses
- add show active-config and show diff-config commands
- add umb(4) support
- call /sbin/reboot instead of reboot(2) syscall to ensure clean reboots
- use more(1) style input keys for the built-in pager
- make the enable command switch to the root user via doas.conf or root password
- add bgpnsh(8), a minimal version of nsh for use as a BGP looking-glass shell
- add show crontab, crontab edit, crontab install commands
- add show environment, setenv, unsetenv, and saveenv commands
- allow empty configuration files to be filled with data from /etc/examples
- allow nsh commands to be piped to standard input from another process
- add support for running a separate instance of dhcpd per routing domain
- add dhcp restart command
New in 1.1:
- mandoc format manual page
- configure is now part of the typical usage pattern
- show vlan command for a quick view of vlans
- show bridge command for a quick view of bridges
- show interface status command for a quick view of interfaces
- Wireguard support
- ndp support
- static arp interface support
- nameserver support through resolvd (replaces dns local-control)
- interface command mode now requires 'exit' or '..' or ^X to leave
- add several networking related sysctls
- slaacd support, including show autoconf
- dhcpleased support, replacing dhclient
- rc.d scripts
- rad replaces rtadvd
- rxprio/txprio for interfaces (incl. bridges)
- llpriority for interfaces
- eigrpd support
- pair/patch support
- more sensible isakmpd default flags
- show ipsec sadb and show ipsec flows for IPsec users
- pflow support
- Numerous bug fixes
details
Check out examples for example NSH configurations.
development
download