Infix v26.01.0

Important

This release includes breaking changes to WiFi configuration that will
result in existing configuration being disabled:

• WiFi station/client configuration has been restructured. The wifi container
  now requires a radio reference, and station configuration has moved under a
  wifi/station container. Existing WiFi configurations must be manually updated
• WiFi radios are now configured via ietf-hardware instead of the interfaces module

Also, Raspberry Pi users must upgrade the bootloader before upgrading to
this release. We recommend backing up your startup-config.cfg and reflash
the SD card with a new sd card image.

Changes

Noteworthy changes and additions in this release are marked below in bold text.

• Upgrade Linux kernel from 6.12.65 to 6.18.8 (LTS)
• Upgrade Buildroot to 2025.02.10 (LTS)
• Upgrade libyang to 4.2.2
• Upgrade sysrepo to 4.2.10
• Upgrade netopeer2 (NETCONF) to 2.7.0
• Add RIPv2 routing support, issue #582
• Add NTP server support, issue #904
• Migrate DHCPv6 client to odhcp6c for improved Router Advertisement integration. Adds support for hybrid RA+DHCPv6 deployments where SLAAC assigns addresses and DHCPv6 provides DNS (common ISP scenario)
• Add support for configurable OSPF debug logging, issue #1281. Debug options can now be enabled per category (bfd, packet, ism, nsm, default-information, nssa). All debug options are disabled by default to prevent log flooding in production environments. See the documentation for usage examples
• Add support for configurable container resource limits, memory and CPU. Resource usage is available through the operational datastore, where the currently active resource limits in the container runtime are also available
• Add support for "routing interfaces", issue #647. Lists interfaces with IP forwarding. Inspect from CLI using show interface, look for ⇅ flag
• Add operational data journal to statd with hierarchical time-based retention policy, keeping snapshots from every 5 minutes (recent) to yearly (historical)
• Add support data collection script, useful when troubleshooting issues on deployed systems. Gathers system information, logs, and more. Issue #1287
• Add WiFi Access Point (AP) mode with multi-SSID support and WPA2/WPA3 security. BREAKING: WiFi architecture refactored with radios configured via ietf-hardware and interfaces requiring radio reference. Station config moved to wifi/station container. Existing Wi-Fi interfaces will be removed during upgrade (for the rest of the configuration to apply) and you need to reconfigure them again. See the WiFi documentation for details
• Add support for WireGuard VPN tunnels.
• Updated CLI change command to support cleartext-symmetric-key (type binary). Used by both WireGuard and WiFi, with application-specific key-format for keys and passphrases
• New default NACM privilege levels (user levels) in factory-config: operator (network & container manager) and guest (read-only). For details, see the updated system configuration documentation, as well as a new dedicated NACM configuration guide
• New show nacm admin-exec command to inspect access control rules
• CLI now supports Ctrl-@ and Ctrl-w/Meta-w to mark and copy test regions
• CLI now uses copy and rpc tools instead of deprecated sysrepocfg. The latter now also require the use of sudo for admin level users
• Enhanced copy command with XPath filtering support
• Kernel now announces details of new USB devices

Fixes

• Fix #515: add per-interface IPv6 forwarding control using the Linux 6.17+ force_forwarding sysctl. This provides true per-interface IPv6 forwarding similar to IPv4, correctly mapping to the ietf-ip.yang model semantics
• Fix #1082: Wi-Fi interfaces always scanned, introduce a scan-mode to the Wi-Fi concept in Infix
• Fix #1313: Container is not restarted if environment variable is changed
• Fix #1314: Raspberry Pi 4B with 1 or 8 GiB RAM does not boot. This was due newer EEPROM firmware in newer boards require a newer rpi-firmware package
• Fix #1345: firewall not updating when interfaces become bridge/lag ports
• Fix #1346: firewall complains in syslog, missing /etc/firewalld/firewalld.conf
• Fix Raspberry Pi 2B build, among other things, the aarch32_defconfig did not include a dtb. Please note, the platform has now been renamed to arm
• Fix default password hash in do password encrypt command. New hash is the same as the more commonly used change password command, yescrypt
• Prevent MOTD from showing on non-shell user login attempts
• Fix mDNS reflector.

Tip

Try Infix in GNS3! Download the appliance from the GNS3 Marketplace to test Infix in a virtual network environment without hardware.

Infix v26.01.0-rc2

Important

This release includes breaking changes to WiFi configuration that will
result in existing configuration being disabled:

• WiFi station/client configuration has been restructured. The wifi container
  now requires a radio reference, and station configuration has moved under a
  wifi/station container. Existing WiFi configurations must be manually updated
• WiFi radios are now configured via ietf-hardware instead of the interfaces module

Also, Raspberry Pi users must upgrade the bootloader before upgrading to
this release. We recommend backing up your startup-config.cfg and reflash
the SD card with a new sd card image.

Changes

Noteworthy changes and additions in this release are marked below in bold text.

• Upgrade Linux kernel from 6.12.65 to 6.18.8 (LTS)
• Upgrade Buildroot to 2025.02.10 (LTS)
• Upgrade libyang to 4.2.2
• Upgrade sysrepo to 4.2.10
• Upgrade netopeer2 (NETCONF) to 2.7.0
• Add RIPv2 routing support, issue #582
• Add NTP server support, issue #904
• Migrate DHCPv6 client to odhcp6c for improved Router Advertisement integration. Adds support for hybrid RA+DHCPv6 deployments where SLAAC assigns addresses and DHCPv6 provides DNS (common ISP scenario)
• Add support for configurable OSPF debug logging, issue #1281. Debug options can now be enabled per category (bfd, packet, ism, nsm, default-information, nssa). All debug options are disabled by default to prevent log flooding in production environments. See the documentation for usage examples
• Add support for configurable container resource limits, memory and CPU. Resource usage is available through the operational datastore, where the currently active resource limits in the container runtime are also available
• Add support for "routing interfaces", issue #647. Lists interfaces with IP forwarding. Inspect from CLI using show interface, look for ⇅ flag
• Add operational data journal to statd with hierarchical time-based retention policy, keeping snapshots from every 5 minutes (recent) to yearly (historical)
• Add support data collection script, useful when troubleshooting issues on deployed systems. Gathers system information, logs, and more. Issue #1287
• Add WiFi Access Point (AP) mode with multi-SSID support and WPA2/WPA3 security. BREAKING: WiFi architecture refactored with radios configured via ietf-hardware and interfaces requiring radio reference. Station config moved to wifi/station container. Existing Wi-Fi interfaces will be removed during upgrade (for the rest of the configuration to apply) and you need to reconfigure them again. See the WiFi documentation for details
• Add support for WireGuard VPN tunnels.
• Updated CLI change command to support cleartext-symmetric-key (type binary). Used by both WireGuard and WiFi, with application-specific key-format for keys and passphrases
• New default NACM privilege levels (user levels) in factory-config: operator (network & container manager) and guest (read-only). For details, see the updated system configuration documentation, as well as a new dedicated NACM configuration guide
• New show nacm admin-exec command to inspect access control rules
• CLI now supports Ctrl-@ and Ctrl-w/Meta-w to mark and copy test regions
• CLI now uses copy and rpc tools instead of deprecated sysrepocfg. The latter now also require the use of sudo for admin level users
• Enhanced copy command with XPath filtering support
• Kernel now announces details of new USB devices

Fixes

• Fix #515: add per-interface IPv6 forwarding control using the Linux 6.17+ force_forwarding sysctl. This provides true per-interface IPv6 forwarding similar to IPv4, correctly mapping to the ietf-ip.yang model semantics
• Fix #1082: Wi-Fi interfaces always scanned, introduce a scan-mode to the Wi-Fi concept in Infix
• Fix #1313: Container is not restarted if environment variable is changed
• Fix #1314: Raspberry Pi 4B with 1 or 8 GiB RAM does not boot. This was due newer EEPROM firmware in newer boards require a newer rpi-firmware package
• Fix #1345: firewall not updating when interfaces become bridge/lag ports
• Fix #1346: firewall complains in syslog, missing /etc/firewalld/firewalld.conf
• Fix Raspberry Pi 2B build, among other things, the aarch32_defconfig did not include a dtb. Please note, the platform has now been renamed to arm
• Fix default password hash in do password encrypt command. New hash is the same as the more commonly used change password command, yescrypt
• Prevent MOTD from showing on non-shell user login attempts
• Fix mDNS reflector.

Tip

Try Infix in GNS3! Download the appliance from the GNS3 Marketplace to test Infix in a virtual network environment without hardware.

Infix v26.01.0-rc1

Important

This release includes breaking changes to WiFi configuration that will
result in existing configuration being disabled:

• WiFi station/client configuration has been restructured. The wifi container
  now requires a radio reference, and station configuration has moved under a
  wifi/station container. Existing WiFi configurations must be manually updated
• WiFi radios are now configured via ietf-hardware instead of the interfaces module

Also, Raspberry Pi users must upgrade the bootloader before upgrading to
this release. We recommend backing up your startup-config.cfg and reflash
the SD card with a new sd card image.

Changes

Noteworthy changes and additions in this release are marked below in bold text.

• Upgrade Linux kernel from 6.12.65 to 6.18.8 (LTS)
• Upgrade Buildroot to 2025.02.10 (LTS)
• Upgrade libyang to 4.2.2
• Upgrade sysrepo to 4.2.10
• Upgrade netopeer2 (NETCONF) to 2.7.0
• Add RIPv2 routing support, issue #582
• Add NTP server support, issue #904
• Migrate DHCPv6 client to odhcp6c for improved Router Advertisement integration. Adds support for hybrid RA+DHCPv6 deployments where SLAAC assigns addresses and DHCPv6 provides DNS (common ISP scenario)
• Add support for configurable OSPF debug logging, issue #1281. Debug options can now be enabled per category (bfd, packet, ism, nsm, default-information, nssa). All debug options are disabled by default to prevent log flooding in production environments. See the documentation for usage examples
• Add support for configurable container resource limits, memory and CPU. Resource usage is available through the operational datastore, where the currently active resource limits in the container runtime are also available
• Add support for "routing interfaces", issue #647. Lists interfaces with IP forwarding. Inspect from CLI using show interface, look for ⇅ flag
• Add operational data journal to statd with hierarchical time-based retention policy, keeping snapshots from every 5 minutes (recent) to yearly (historical)
• Add support data collection script, useful when troubleshooting issues on deployed systems. Gathers system information, logs, and more. Issue #1287
• Add WiFi Access Point (AP) mode with multi-SSID support and WPA2/WPA3 security. BREAKING: WiFi architecture refactored with radios configured via ietf-hardware and interfaces requiring radio reference. Station config moved to wifi/station container. Existing Wi-Fi interfaces will be removed during upgrade (for the rest of the configuration to apply) and you need to reconfigure them again. See the WiFi documentation for details
• Add support for WireGuard VPN tunnels.
• Updated CLI change command to support cleartext-symmetric-key (type binary). Used by both WireGuard and WiFi, with application-specific key-format for keys and passphrases
• New default NACM privilege levels (user levels) in factory-config: operator (network & container manager) and guest (read-only). For details, see the updated system configuration documentation, as well as a new dedicated NACM configuration guide
• New show nacm admin-exec command to inspect access control rules
• CLI now supports Ctrl-@ and Ctrl-w/Meta-w to mark and copy test regions
• CLI now uses copy and rpc tools instead of deprecated sysrepocfg. The latter now also require the use of sudo for admin level users
• Enhanced copy command with XPath filtering support
• Kernel now announces details of new USB devices

Fixes

• Fix #515: add per-interface IPv6 forwarding control using the Linux 6.17+ force_forwarding sysctl. This provides true per-interface IPv6 forwarding similar to IPv4, correctly mapping to the ietf-ip.yang model semantics
• Fix #1082: Wi-Fi interfaces always scanned, introduce a scan-mode to the Wi-Fi concept in Infix
• Fix #1313: Container is not restarted if environment variable is changed
• Fix #1314: Raspberry Pi 4B with 1 or 8 GiB RAM does not boot. This was due newer EEPROM firmware in newer boards require a newer rpi-firmware package
• Fix #1345: firewall not updating when interfaces become bridge/lag ports
• Fix #1346: firewall complains in syslog, missing /etc/firewalld/firewalld.conf
• Fix Raspberry Pi 2B build, among other things, the aarch32_defconfig did not include a dtb. Please note, the platform has now been renamed to arm
• Fix default password hash in do password encrypt command. New hash is the same as the more commonly used change password command, yescrypt
• Prevent MOTD from showing on non-shell user login attempts
• Fix mDNS reflector.

Tip

Try Infix in GNS3! Download the appliance from the GNS3 Marketplace to test Infix in a virtual network environment without hardware.

Infix v25.08.2

Changes

• Upgrade Linux kernel to 6.12.63 (LTS)
• Enable workaround for issue #670 by disabling iitod on styx platform. This
  prohibits software control of LEDs, leaving the default HW control, which
  has proven more stable on this platform
• Add support for configurable OSPF debug logging, issue #1281. Debug options
  can now be enabled per category (bfd, packet, ism, nsm, default-information,
  nssa). All debug options are disabled by default to prevent log flooding in
  production environments. See the documentation for usage examples
• Add support data collection script, useful when troubleshooting issues on
  deployed systems. Gathers system information, logs, and more. Issue #1287
• Enable kernel panic on lockups + hung tasks => console log + reboot. Also,
  enable watchdogd resource monitors, logs: memory/file system + descriptor
  usage. Issue #1318
• Enable CN9130 HW watchdog, and kernel test_lockup module, issue #1320

Fixes

• Fix #981: copying any file, including running-config, to the persistent
  back-end store for startup-config, does not take
• Fix #1203: copying any file, including startup-config, to running-config
  does not take

Infix v25.08.2-rc1

Changes

• Upgrade Linux kernel to 6.12.63 (LTS)
• Enable workaround for issue #670 by disabling iitod on styx platform. This
  prohibits software control of LEDs, leaving the default HW control, which
  has proven more stable on this platform
• Add support for configurable OSPF debug logging, issue #1281. Debug options
  can now be enabled per category (bfd, packet, ism, nsm, default-information,
  nssa). All debug options are disabled by default to prevent log flooding in
  production environments. See the documentation for usage examples
• Add support data collection script, useful when troubleshooting issues on
  deployed systems. Gathers system information, logs, and more. Issue #1287
• Enable kernel panic on lockups + hung tasks => console log + reboot. Also,
  enable watchdogd resource monitors, logs: memory/file system + descriptor
  usage. Issue #1318
• Enable CN9130 HW watchdog, and kernel test_lockup module, issue #1320

Fixes

• Fix #981: copying any file, including running-config, to the persistent
  back-end store for startup-config, does not take
• Fix #1203: copying any file, including startup-config, to running-config
  does not take

Infix v25.11.0

Note

Noteworthy changes and additions in this release:

• DHCPv6 client support
• Configurable support for TTL in GRE/VXLAN tunnels
• Extensive filtering support for syslog messages

Changes

• Upgrade Buildroot to 2025.02.8 (LTS)
• Upgrade Linux kernel to 6.12.60 (LTS)
• Initial support for 32-bit ARM systems, reference board: Raspberry Pi 2B
• Enable MVEBU SafeXcel Crypto Engine firmware for Marvell Armada SOCs (37xx, 7k, 8k, and CN913x series). Fixes kernel warnings about firmware load failures and crypto-safexcel probe errors on affected boards
• Major improvements to OSPF and BFD operational data and CLI commands:
  • CLI commands now use data from the operational datastore instead of calling vtysh directly, providing better integration and consistency
  • New show ip ospf command family (neighbor, interface, route) to align with industry standard CLI conventions. Legacy show ospf commands are deprecated but still work with warnings
  • The show ip ospf database subcommand has been dropped for now, the advanced user can still use vtysh from Bash if necessary, issue #1253
  • Extended BFD commands: show bfd (status), show bfd peers (detailed), show bfd peers brief (table format), and show bfd peer <address>
  • All command names now use singular form (interface, route, neighbor) matching Cisco/FRR conventions, as well as configure context naming
  • New support for configuring OSPF interface priority for DR/BDR election
• The DHCP client configuration has moved from /infix-dhcp-client:dhcp-client to /interfaces/interface[name]/ipv4/infix-dhcp-client:dhcp, issue #1109. The configuration is automatically migrated on upgrade. The DHCP client is now enabled using a presence container instead of a separate enabled leaf
• The enabled node for IPv4 autoconf (ZeroConf) has been dropped, autoconf is now a presence container. Configuration automatically migrated on upgrade
• Add DHCPv6 client support for per-interface IPv6 configuration, augmenting /interfaces/interface[name]/ipv6/infix-dhcpv6-client:dhcp, issue #1110
• Fix namespace for DHCPv4 client YANG module from urn:ietf:params:xml:ns:yang to urn:infix:params:xml:ns:yang to properly reflect custom implementation
• Improvements to sdcard.img generation, useful for developers mostly:
  • The NanoPi R2S bootloader is now automatically built and uploaded to the latest-boot release tag
  • The utils/mkimage.sh script now supports fetching the bootloader
  • The raspberrypi-rpi64 board's bootloader is now aptly named rpi64
• Add support for configuring TTL, ToS/DSCP, and Path MTU Discovery on GRE and VXLAN tunnels. This also changes the default TTL of tunnels to 64, from the kernel default (inherit), which in turn fixes reported issues with dropped OSPF Hello frames in GRE tunnels
• Document how to go from SD card to eMMC on BPi-R3
• Add CLI commands for managing boot partition order: show boot-order and set boot-order allow viewing and changing the boot order from the CLI, complementing the existing YANG RPC support, issue #1032
• Extended syslog filtering capabilities, issue #1091:
  • Add support for pattern matching using POSIX extended regular expressions on message content (IETF select-match feature)
  • Add support for advanced severity comparison: exact match (equals) and exclusion (block/stop) in addition to the default equals-or-higher (IETF select-adv-compare feature)
  • Add support for hostname-based filtering, useful when acting as a log server to route messages from different devices to separate log files
  • Add support for property-based filtering with operators (contains, isequal, startswith, regex, ereregex) on message properties (msg, msgid, programname, hostname, source, data), with optional case-insensitive and negate modifiers
• Update factory configuration for BPi-R3 and NanoPi R2S boards to enable DHCPv6 client on WAN interface and allow traffic forwarding from LAN to WAN zone in the firewall (this is what most users expect)
• New support command for collecting system diagnostics to aid in both troubleshooting and support. Run support collect > data.tar.gz locally or remotely via SSH to gather configuration, logs, network state, and system information (encryption using gpg available too)

Fixes

• Fix #855: User admin sometimes fails to be added to wheel group
• Fix #1112: setting hostname via DHCP client sometimes gets overridden by the configured system hostname
• Fix #1247: Prevent invalid configuration of OSPF backbone area (0.0.0.0) as stub or NSSA. The backbone must always be a normal area per RFC 2328. Any existing invalid configurations are automatically corrected during upgrade
• Fix #1255: serious regression in boot time, introduced in v25.10, delays the boot step "Mounting filesystems ...", from 30 seconds up to five minutes!
• Fix #1289: SSH host key generation warning at boot after factory reset
• Fix broken intra-document links in container and tunnel documentation
• Fix show dhcp-server command crashing with invalid timestamp format. DHCP lease expiry timestamps had double timezone suffix causing libyang validation errors
• Fix show dhcp-server output alignment. The EXPIRES column was misaligned when CLIENT ID field was empty, and CLIENT ID column was too narrow for typical 20-character client IDs

Tip

Try Infix in GNS3! Download the appliance from the GNS3 Marketplace to test Infix in a virtual network environment without hardware.

Infix v25.11.0-rc2

Note

Noteworthy changes and additions in this release:

• DHCPv6 client support
• Configurable support for TTL in GRE/VXLAN tunnels
• Extensive filtering support for syslog messages

Changes

• Upgrade Buildroot to 2025.02.8 (LTS)
• Upgrade Linux kernel to 6.12.60 (LTS)
• Initial support for 32-bit ARM systems, reference board: Raspberry Pi 2B
• Enable MVEBU SafeXcel Crypto Engine firmware for Marvell Armada SOCs (37xx,
  7k, 8k, and CN913x series). Fixes kernel warnings about firmware load failures
  and crypto-safexcel probe errors on affected boards
• Major improvements to OSPF and BFD operational data and CLI commands:
  • CLI commands now use data from the operational datastore instead of
    calling vtysh directly, providing better integration and consistency
  • New show ip ospf command family (neighbor, interface, route) to align
    with industry standard CLI conventions. Legacy show ospf commands are
    deprecated but still work with warnings
  • The show ip ospf database subcommand has been dropped for now, the
    advanced user can still use vtysh from Bash if necessary, issue #1253
  • Extended BFD commands: show bfd (status), show bfd peers (detailed),
    show bfd peers brief (table format), and show bfd peer <address>
  • All command names now use singular form (interface, route, neighbor)
    matching Cisco/FRR conventions, as well as configure context naming
  • New support for configuring OSPF interface priority for DR/BDR election
• The DHCP client configuration has moved from /infix-dhcp-client:dhcp-client
  to /interfaces/interface[name]/ipv4/infix-dhcp-client:dhcp, issue #1109.
  The configuration is automatically migrated on upgrade. The DHCP client is
  now enabled using a presence container instead of a separate enabled leaf
• The enabled node for IPv4 autoconf (ZeroConf) has been dropped, autoconf
  is now a presence container. Configuration automatically migrated on upgrade
• Add DHCPv6 client support for per-interface IPv6 configuration, augmenting
  /interfaces/interface[name]/ipv6/infix-dhcpv6-client:dhcp, issue #1110
• Fix namespace for DHCPv4 client YANG module from urn:ietf:params:xml:ns:yang
  to urn:infix:params:xml:ns:yang to properly reflect custom implementation
• Improvements to sdcard.img generation, useful for developers mostly:
  • The NanoPi R2S bootloader is now automatically built and uploaded to
    the latest-boot release tag
  • The utils/mkimage.sh script now supports fetching the bootloader
  • The raspberrypi-rpi64 board's bootloader is now aptly named rpi64
• Add support for configuring TTL, ToS/DSCP, and Path MTU Discovery on GRE and
  VXLAN tunnels. This also changes the default TTL of tunnels to 64, from the
  kernel default (inherit), which in turn fixes reported issues with dropped
  OSPF Hello frames in GRE tunnels
• Document how to go from SD card to eMMC on BPi-R3
• Add CLI commands for managing boot partition order: show boot-order and
  set boot-order allow viewing and changing the boot order from the CLI,
  complementing the existing YANG RPC support, issue #1032
• Extended syslog filtering capabilities, issue #1091:
  • Add support for pattern matching using POSIX extended regular expressions
    on message content (IETF select-match feature)
  • Add support for advanced severity comparison: exact match (equals) and
    exclusion (block/stop) in addition to the default equals-or-higher
    (IETF select-adv-compare feature)
  • Add support for hostname-based filtering, useful when acting as a log
    server to route messages from different devices to separate log files
  • Add support for property-based filtering with operators (contains, isequal,
    startswith, regex, ereregex) on message properties (msg, msgid, programname,
    hostname, source, data), with optional case-insensitive and negate modifiers
• Update factory configuration for BPi-R3 and NanoPi R2S boards to enable
  DHCPv6 client on WAN interface and allow traffic forwarding from LAN to WAN
  zone in the firewall (this is what most users expect)
• New support command for collecting system diagnostics to aid in both
  troubleshooting and support. Run support collect > data.tar.gz
  locally or remotely via SSH to gather configuration, logs, network state,
  and system information (encryption using gpg available too)

Fixes

• Fix #855: User admin sometimes fails to be added to wheel group
• Fix #1112: setting hostname via DHCP client sometimes gets overridden by the
  configured system hostname
• Fix #1247: Prevent invalid configuration of OSPF backbone area (0.0.0.0) as
  stub or NSSA. The backbone must always be a normal area per RFC 2328. Any
  existing invalid configurations are automatically corrected during upgrade
• Fix #1255: serious regression in boot time, introduced in v25.10, delays the
  boot step "Mounting filesystems ...", from 30 seconds up to five minutes!
• Fix #1289: SSH host key generation warning at boot after factory reset
• Fix broken intra-document links in container and tunnel documentation
• Fix show dhcp-server command crashing with invalid timestamp format.
  DHCP lease expiry timestamps had double timezone suffix causing libyang
  validation errors
• Fix show dhcp-server output alignment. The EXPIRES column was misaligned
  when CLIENT ID field was empty, and CLIENT ID column was too narrow for
  typical 20-character client IDs

Tip

Try Infix in GNS3! Download the appliance from the GNS3 Marketplace to test Infix in a virtual network environment without hardware.

Infix v25.10.0

Note

Noteworthy changes and additions in this release:

🛡️ Zone-Based Firewall (ZBF): Protect your network with our zone-based firewall powered by firewalld. Define security zones, set policies between them, and enable masquerading.

📊 System & Hardware Monitoring: CLI show system, show services, and show hardware now give you instant visibility into CPU temperature, fan speeds, memory, running services, and sensor data from SFP modules, WiFi radios, and more. All operational data also available over NETCONF and RESTCONF.

🚀 Expanded Hardware Support: The NanoPi R2S is now included in the default Aarch64 build, which also adds support for Raspberry Pi 3B, and Raspberry Pi CM4 variants. All boards now benefit from automatic /var partition expansion on first boot.

Changes

• Upgrade Buildroot to 2025.02.7 (LTS)

• Upgrade Linux kernel to 6.12.56 (LTS)

• Extend NETCONF and RESTCONF scripting documentation with operational data examples, discovery patterns, and common workflow examples, issue #1156

• Initial support for a zone-based firewall, based on firewalld, issue #448

• Add validate option to CLI copy command. This can be used before doing a restore of a backup, or when having edited configuration files manually. With the validate flag (-n from the shell) the file is only loaded and validated against the YANG models, it is not rolled in if validation is successful, issue #373. Example:

    copy /media/backup/old.cfg running-config validate
  

• Automatically expand /var partition at first boot on all MMC-based devices

• New upgrade RPC (action) for containers using images with mutable tags

• Optimize startup of preexisting containers by adding metadata to track all OCI archives loaded into container store, and all container configurations used to create container instances. Instances are now only recreated when metadata from an existing instance does not match either the configuration or the image — because of configuration changes or image upgrades

• Updated container documentation on volumes, image tags, and image upgrade

• Add new show services command to display running system services

• Add new show system command with comprehensive system overview including hostname, uptime, load average, CPU/fan temperatures, memory, disk usage

• Add hardware sensor monitoring support in show hardware with hierarchical display of temperature, fan, voltage, current, and power sensors

• Add support for NanoPi R2S router platform to the default Aarch64 build, bumping it to Tier 2 support (SD-card images built separately)

• Add support for Raspberry Pi 3B (BCM2837)

• Add support for Raspberry Pi Compute Module 4 IoT Router Board Mini

• Add support for Raspberry Pi Compute Module 4 NVME NAS box

• Add reboot option to CLI upgrade command for automatic system restart

Fixes

• Fix #981: copying any file, including running-config, to the persistent back-end store for startup-config, does not take
• Fix #1121: Ensure DHCP server does not crash if no address pool is set. This change infers a pool range (only) for /24 networks, and only when a pool is enabled. YANG validation for this and other use-cases is also included. As an unforeseen bonus, Infix now also support non-pool (static lease) setups
• Fix #1122: Add YANG validation for consistency, IP addresses are not allowed on bridge port (interfaces). Even though Infix previously allowed this, but disregarded it operationally, it is no longer supported in the configuration
• Fix #1146: Possible to set longer containers names than the system supports. Root cause, a limit of 15 characters implicitly imposed by the service mgmt daemon, Finit. The length has not been increased to 64 characters (min: 2) and the YANG model now properly warns if the name is outside of these limits
• Fix #1147: Use container metadata to clean up lingering old container images instead of using the too broad podman image prune -af command
• Fix #1148: Only retry container instance create on remote images
• Fix #1149: Increase podman stop timeout, from 10 to 30 seconds, needed with bigger containers on heavily loaded systems
• Fix #1194: CLI text-editor command does not do proper input sanitation
• Fix #1197: RPi4 no longer boots after BPi-R3 merge, introduced in v25.09
• Upgrade fixes for containers with mutable images, e.g., :latest. Infix now always tries to fetch a new version of the OCI archive, for remote images, regardless of the transport. After upgrade the old image is pruned
• Fix #1203: copying any file, including startup-config, to running-config does not take

Tip

Try Infix in GNS3! Download the appliance from the GNS3 Marketplace to test Infix in a virtual network environment without hardware.

Infix v25.08.1

Changes

• N/A

Fixes

• Fix #1150: show-legacy wrapper permissions
• Fix #1155: show ospf commands regression
• Fix #1169: Expected OSPF neighbors not shown in sysrepocfg when the system has at least one non-OSPF interface

Infix v25.08.1-rc1

Changes

• N/A

Fixes

• Fix #1150: show-legacy wrapper permissions
• Fix #1155: show ospf commands regression
• Fix #1169: Expected OSPF neighbors not shown in sysrepocfg when the system has at least one non-OSPF interface