Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.66.2
NetBird `v0.66.x` adds support for exposing a local HTTP service
from the CLI with the `netbird expose`[1] command, but only for
self-hosted deployments. Cloud support is coming.
[1]: https://docs.netbird.io/manage/reverse-proxy/expose-from-cli
---
`0.65.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.65.3
NetBird `v0.65.x` now includes a built-in reverse proxy[1], but only for
self-hosted deployments and is currently in beta. Cloud support is
coming soon.
Important: pre-shared keys or Rosenpass are currently incompatible with
the reverse proxy feature.
[1]: https://docs.netbird.io/manage/reverse-proxy
---
`v0.63.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.63.0
NetBird now supports private DNS zones[1].
[1]: https://docs.netbird.io/manage/dns/custom-zones
---
`v0.62.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.62.3
Upstream minimum Go requirement raised from `v1.24.x` to `v1.25.x`,
see the go.mod[1].
[1]: https://github.com/netbirdio/netbird/blob/v0.62.3/go.mod#L3-L5
---
Building `netbird` with Go 1.26.x fails with errors:
```
[...]
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:22:2: WaitReasonSelect redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:22:2: other declaration of WaitReasonSelect
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:23:2: WaitReasonChanReceive redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:23:2: other declaration of WaitReasonChanReceive
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:24:2: WaitReasonSemacquire redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:24:2: other declaration of WaitReasonSemacquire
[...]
```
Upstream Issue: https://github.com/netbirdio/netbird/issues/5290
Upstream PR: https://github.com/netbirdio/netbird/pull/5447
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
Add `NB_DNS_STATE_FILE="/var/lib/netbird/state.json"` to the init
environment. This moves the state from the directory
`/root/.config/netbird` to the file `/var/lib/netbird/state.json` to
avoid storage wear. Note: the file is not preserved across reboots.
The state file contains information such as locally disabled routes and
other data primarily useful for desktop clients. In OpenWrt setups,
these changes are normally handled by the NetBird `management` server.
This matches the behavior prior to `netbird` v0.52.x, I have not
received any reports that this file caused problems before, so it is
unlikely to cause issues now.
The previous state file `/root/.config/netbird/state.json` can be removed.
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
* the suspend/resume function now uses the external
DNS bridge when this function is used
* refine the f_nftadd function
* more file debug logging
* LuCI: add unfiltered DNS-Server to the DNS bridge selection
* LuCI: minor fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add support for OpenVPN netifd detection (thanks @egc112)
* add support for disable LAN->WAN forwarding when `strict_enforcement` is
set on start and restart (thanks @egc112)
* fix: always create marking chains for interfaces
* fix: insert DSCP/ICMP-related nft rules after marking chains
* fix: shellcheck-related improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: always print errors/warnings on non-quiet start
* bugfix: return proper enabled status in RPCD
* bugfix: return stupped status in RPCD when procd data is empty
* bugfix: correctly process verbosity=0
* delete LICENSE file and only keep it upstream
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Use wan_$DEVICENAME naming scheme instead of using consecutive numbering
for the network name.
This makes it easier to match the network interface to the corresponding
network.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Set the device option for the network. This is solely for the ease of
matching the network to the corresponding network interface.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
The previous commit 09c14817 introduced TS_NO_LOGS_NO_SUPPORT but
used procd_set_param for a subsequent environment variable. This
overwrote the previous env setting, causing fw_mode to be missed.
Switch to procd_append_param to ensure all environment variables are
properly passed to the process.
Signed-off-by: Tung-Yi Chen <cmtsij@gmail.com>
bridge-utils is obsolete software because ip command has
bridge functionality. And OpenWrt uses BusyBox's brctl
by default, so most users will not be affected by this change.
Signed-off-by: Yanase Yuki <dev@zpc.st>
This software seems no longer maintained by upstream.
The latest upstream release is 10 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
This software seems no longer maintained by upstream.
The latest upstream commit is 8 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
These LLVM builds get deleted after a certain time, causing Rust builds
to break as the LLVM build can no longer be downloaded.
Fixes#27331.
Signed-off-by: Orne Brocaar <info@brocaar.com>
* fixed the debug errorfile handling
* fixed a typo in the nftadd function
* minor cornercase improvements
* LuCI: minor cleanups & fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
By moving the file to a subdirectory, it is easier to track where the file
is located on the target without having to check the Makefile every time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
By moving the file to a subdirectory, it is easier to track where the file
is located on the target without having to check the Makefile every time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Move the 'INSTALL_DIR' creation in the make install target to the location
where the files are also installed. This prevents directories that are no
longer needed from being forgotten during refactoring.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* bugfix: support TMP and final block-list destination on different
partitions
* update pause-related code/defaults/validation
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Rather than having a database selection for SQLITE which prevents
the server or frontend from building, we add a 'basic'
variant for the proxy which uses sqlite3, and have the database
Kconfig affect only the server and frontend.
* There are now only three variants:
1. full, which is the default. It includes the full monitoring feature
set currently available on openwrt, including netsnmp, curl-based
checks, and ldap. In addition these features, plus the choice of
database and ssl provider (or no ssl) are configuration options for
this variant.
2. basic, which provides basic functions with openssl support
3. no-configure, for packages which are not part of the main Zabbix
compile process (including the WebUI which only requires copying
files for use by a web server with PHP CGI support).
* Full is the default variant for agentd and proxy, which are the only
packages with a choice between full and basic. All other packages only
are part of one variant.
* Full variants are the base version of the packages (that is
zabbix-agentd is the 'full' version while zabbix-agentd-basic is the
core version). The proxy version is named zabbix-proxy-basic-sqlite to
announce that it is using the sqlite3 database and not a database
server.
* get and sender only build if at least one of agentd, server, or proxy
are built. Therefore prevent selection get or sender when they would not
build.
* Zabbix's use of NetSNMP requires that Zabbix be build with OpenSSL
* While we are here, enable support for dates after 2038 (64-bit time_t)
* https://github.com/openwrt/packages/pull/28585#issuecomment-3984978895
* we updated the name to reflect that it is for basic functionality
that can standalone, rather then being a core the other packages
build on.
* basic has been used rather than tiny or small since the sentence
'Provides only tiny/small functionality with SSL/TLS' in the
description, sounds strange, but using basic this reads properly.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Using the php8 dependency allows use to go back to using the
+ZABBIX_POSTGRESQL:php8-mod-pgsql (and like dependency for
mysql/mariadb).
This has the benefit of being an apk dependency so the user does not
install the frontend without a php8 database module.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
bsbf-autoconf-cellular creates a network with MBIM or QMI protocol using a
newly created network interface. It uses metric values from 1 to 8.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Designate bsbf-openwrt-resources as the package to contain the BSBF
packages without a remote source to fetch.
Move bsbf-bonding and bsbf-usb-netdev-autodhcp into bsbf-openwrt-resources.
Change bsbf-usb-netdev-autodhcp to bsbf-autoconf-dhcp along with the logic.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
* add explicit LICENSE file to the repository
* pretty up Makefile
* minor shell script styling improvements
* better parsing if individual dnsmasq instances are used in config
* functional test
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: don't mask RFC1918 in the support output
* bugfix: proper processing of downed interfaces
Thanks to everyone who reported/tested and @egc112 for collecting feedback.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
When a USB UPS is first configured, the permissions on the device under
`/dev/bus/usb` have not yet been set to allow the nut user access. This
resulted in errors such as:
Fri Feb 13 23:39:01 2026 daemon.debug upsd[3504]: [D1] mainloop: UPS
[eco550ups] is not currently connected, trying to reconnect
Fri Feb 13 23:39:01 2026 daemon.debug upsd[3504]: [D1] mainloop: UPS
[eco550ups] is still not connected (FD -1)
Fri Feb 13 23:39:03 2026 daemon.debug upsd[3504]: [D1] mainloop: UPS
[eco550ups] is not currently connected, trying to reconnect
Fri Feb 13 23:39:03 2026 daemon.debug upsd[3504]: [D1] mainloop: UPS
[eco550ups] is still not connected (FD -1)
or
Fri Feb 13 23:38:44 2026 daemon.err usbhid-ups[3083]: No matching HID
UPS found
Fri Feb 13 23:38:49 2026 daemon.warn procd: failed adding instance
cgroup for nut-server: No error information
Fri Feb 13 23:38:49 2026 daemon.err usbhid-ups[3115]: libusb1: Could not
open any HID devices: insufficient permissions on everything
Fri Feb 13 23:38:49 2026 daemon.err usbhid-ups[3115]: No matching HID
UPS found
Fri Feb 13 23:38:54 2026 daemon.warn procd: failed adding instance
cgroup for nut-server: No error information
and upsd would enter a procd crashloop.
We fix that by looking in `sysfs` (under `/sys/devices`) to find the
correct USB device and set its ownership and permissions to allow acces
to the user the driver is running under.
Copilot complained about a few things
* nut-server.init had potential word-splitting issues in various spots.
* it also had some commands missing an argument
* improved documentation was required to clarify a dependency
* an incorrect sed could mangle names as well as remove the intended
name
Additionally, while fixing those issues the author noticed that the case
of multiple UPS devices with the same vendorid:productid were not
correctly handled. A check of the serial number, if provided, was added
along with a fallback to allowing NUT communications with all UPS
devices with a given vendorid:productid, if no serial number was given.
Improve efficiency and decrease McCabe complexity of
ensure_usb_ups_access, while also fixing Copilot complaints.
$@ in case is a problem, and we only handle the first parameter in any
event, so change $@ to "$1"
Copilot caught a missing 2>&1 and we silence some shellcheck
false positives
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Attempt to de-mystify the nut-server initscript by adding comments
and factoring out some common code that adds to complexity of the
functions of which it is part.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Ensure that when a ups is removed from the configuration that its
driver instance is stopped.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Updated configuration was not being applied after config change. This
was due to the means used to do the daemon reloads.
Closes#28298 "Drivers not restarted on config change"
Enable creating PID files for the server, driver, and monitor daemon
processes. This allows to use NUT's built-in facilities for signalling
the daemon's.
For server, when reloading:
1. Check if upsd is running
1. If not, start it.
2. If it is send reload signal to upsd
2. For each driver:
1. Check if the driver is running
1. If it is, send reload-or-exit signal to driver
2. If driver is not running, start it
3. Attempt to start server (upsd and drivers) if service was stopped.
For server, when stopping:
1. Check if upsd is running
1. If it is send stop signal to upsd
2. Ensure it really is stopped
2. For each driver:
1. Check if the driver is running
1. If it is, send stop signal to driver
2. If driver is still running, stop it.
3. If the server process is active (even with not upsd or drivers),
stop it.
For monitor, send the reload signal on config change, with fallback to
stopping and starting the daemon.
Change the names of variables and functions to make it more clear what
is being acted on, configured, or otherwise touched.
Avoid confusing messages in syslog
* Avoid attempting to remove a procd server instance that does not exist
as doing so results in confusing/scary messages in syslog, such as:
Command failed: ubus call service delete
{ "name": "nut-server", "instance": "upsd" } (Not found)
In NUT some models of UPS use shutdown_delay rather than offdelay, and
yet others use usd for the same purpose. shutdown_delay and usd were
previously not available in the list of available driver options, so
add them.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
shellcheck is a useful linter if a bit pedantic and overzealous so
add overrides to silence false positives
Also, fix issues found by the linting.
* misspelling meant initscript could skip updating configuration in
certain circumstances
* minor: assignment of the result of execution as the time of creating
local. This has been separated.
Fix whitespace and comment typos
Fix typo in Config.in option text
* This is cosmetic, but user-facing (for users building via SDK or
buildroot).
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
As reported in #23410 Network interface reset doesn't work as expected
on a Wireguard VPN interface and in #27927 lt2p interface won't reboot,
and mentioned in #27248, the current implementation of the option to
restart an interface when connectivity check fails for some period does
not result in an interface restart for all interface.
Notably 'virtual' interfaces such as Wireguard and L2TP do not restart.
The solution that works is to use `ifup <interface>` instead of only
changing the link status.
This commit is based on the one in #27248 by @rondoval, who unfortunately
has not updated the commit message as requested for half a year.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Since proto was migrated to ovpnproto to avoid collision
with netifd proto, this shall be handled separately.
Also avoid using uci commands to migrate the config which
requires knowing property types; use awk instead.
follow-up to 2607b76154
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
mdio-netlink is forcing all targets in buildbot to build PHY and MDIO
support. Convert the dependency into the PHYLIB kmod to avoid that.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
