Projects / OpenBSD Network Shell

OpenBSD Network Shell

NSH is a CLI intended for OpenBSD-based network appliances. It replaces ifconfig, sysctl, and route with its own simple command language, and consolidates configuration for other daemons into one place, effectively replacing /etc/netstart and parts of /etc/rc for appliance-style usage. NSH presents the user with a vaguely Cisco-like interface with all configuration in one easy to read text list. It also gives the user access to system information and diagnostics. NSH replaces the userland commands that handle these functions, and talks directly to the OpenBSD kernel or control utility for daemon functionality. Supported external utilities: pf, ospfd, ospf6d, bgpd, ripd, ldpd, relayd, ipsecctl, iked, rtadvd, dvmrpd, sasyncd, dhcpd, snmpd, sshd, ntpd, ifstated, tftp-proxy, ftp-proxy, tftpd, npppd, resolv.conf, inetd, smtpd, ldapd, and ifstated.

Operating Systems

Recent releases

  •  11 Feb 2013 03:08

    Release Notes: Full routing table support across all supported commands, daemons, and routing configurations. All daemons and commands can now be used in any routing table. Multiple daemons can be configured to run, each within their own routing table with non-overlapping configuration. Full IPv6 support in interface and routing configuration. Use of SQLite as a back-end for temporal data. Support for tftpd, tftp-proxy, ospf6d, and npppd in the ctl handler. CARP and pfsync work properly now.

    •  23 May 2012 21:47

      Release Notes: This release adds an ifstated handler, fixes the interface start order, and organizes configurations to start interfaces in the same order as /etc/netstart (this will fix problems for some trunk and carp users).

      •  21 May 2012 15:04

        Release Notes: Various fixes for GCC 4 and newer versions of OpenBSD. Pflow sender/receiver/version support. Fixes the ftp-proxy handler to not use match rules in anchor. Support interface MPLS and MPLS label configuration. New rdomain/rtable controls (per-route rtable, per-tunnel destination rdomain, and per-interface rdomain). A random lladdr option adopted from ifconfig. ldpd, iked, smtpd, and ldapd daemon control integration. A pfsync defer option. Setup for CARP balancing and carppeer. A GRE keepalive option. trunkproto has been fixed (trunk config works now).

        •  05 May 2008 17:38

          Release Notes: Command completion for first level and most second level commands. ftp-proxy, sshd, and inetd handlers (no options yet, just on/off) and a resolv.conf handler (with local-control or dhcp-control.) Various bugfixes. Daemon controls including SSH, NTP, BGP, and OSPF are now production-tested and considered reliable.

          •  08 Feb 2008 11:17

            Release Notes: Full support was added for BGP, OSPF, RIP, IPsec, DHCP, DVMRP, SNMP, NTP, relayd, and sasyncd. New support was added for route labels, interface groups, group attributes, vlan priority, arp show, and arp set. Significant code cleanup was done. Basic paging support was added for show run and show start.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.