#ifstate 1.13.5 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.5
(already available in @alpinelinux edge + 3.21 + 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)
This maintenance release fixes an exception breaking ifstate when pyroute2 0.9.1+ is used.
Das Wetter ist hier so lala: statt eines schönen Landregens ist alles nur grau bewölkt 
… also gute Gelegenheit meinen CLT Vortrag nachzuarbeiten:
Ihr findet neben der Aufzeichnung jetzt auch die Folien als PDF: https://chemnitzer.linux-tage.de/2025/de/programm/beitrag/306
Wer sich für die Demos interessiert findet hier die Quellen für das Ansible Deployment: https://codeberg.org/liske/clt2025-liske-firewalls
(Bei @clt_news ist wohl auch schlechtes Wetter, die Folien wurden innerhalb von 15min verlinkt 
- Danke! 
)
#ifstate 1.13.4 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.4
(already available in @alpinelinux edge + 3.21 + 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)
This maintenance release includes a single fix for the configuration of sysctl settings. The bug prevented ifstate from changing more than a single sysctl setting at a time. 
Mein Vortrag von den #clt2025 ist schon als Aufzeichnung verfügbar: https://media.ccc.de/v/clt25-306-firewalls-mandantenfahig-redundant-deklarativ
Vielen Dank an alle die zugeschaut haben/es sich ggf. noch anschauen werden. Ich hoffe es hat euch ein paar neue Einblicke gegeben. Mir hat es wieder sehr viel Spaß gemacht. 
I've found a hint in sysfs: the `of_node` symlink in `/sys/class/net/$IFACE/` points to different device nodes entries.
dsa → /sys/firmware/devicetree/base/ethernet@1e100000/mac@0
eth0 → /sys/firmware/devicetree/base/ethernet@1e100000/mac@1
It is independent from the name or the netns of the interface. But it seems to only work on platforms with device tree support.
Any experience with DSA on x86_64 platform? Any chance to get this detail via netlink? 
I wonder how DSA network interfaces can be distinguished reliable. The port interfaces can be easily identified by the phys_port_name IFLA, but what is about the master interfaces?
I've access to a SoC which has a `dsa` and `eth0` interface (besides 4 port ifaces). Both have the same driver, the same businfo and the same mac address. How can they be distinguished at all, even if they have been renamed or moved into a netns?
Any ideas?
#TIL sysctl net.ipv4.conf.all.promote_secondaries
When enabled (it is not by default) one can remove the primary (read: first assigned) ipv4 address of an interface w/o removing all other assigned ipv4 addresses. This may help when you need to renumber remotely…
(…and do not have some declarative network configuration tool like #ifstate ;-)
#ifstate 1.13.2 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.2
(available in @alpinelinux edge + 3.21 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)
This maintenance release includes fixes for configuring FDB entries.
The configuration of VXLAN with non-default UDP ports, unicast and static flooding now works correctly: https://ifstate.net/examples/vxlan.html
#ifstate 1.13.1 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.1
(available in @alpinelinux edge + 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)
You may have guessed it already: there was a bug in ifstate about routes with NLRI from another address family. ifstate's config JSON schema has allowed this for a long time and now it really works
#ifstate 1.13.0 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.13.0
(available in @alpinelinux edge + 3.20 + 3.19 and in @m4rc3l's Nix flake https://codeberg.org/m4rc3l/ifstate.nix)
Among other minor changes one major change is the refactoring of the vrrp-fifo action (which allows to use ifstate with keepalived's vrrp_notify_fifo_script option). This fixes a race condition breaking ip failover when using more than a single vrrp groups or instances with a netns were used.
#ifstate 1.12.0 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.12.0
(available in @alpinelinux edge + 3.20 + 3.19)
The config schema has two small extensions:
- add missing bind_netns support for sit tunnels
- support Distributed Switch Architecture (DSA) interfaces that (e.g. available on Banana Pi)
Bugfixes found in this release:
- ipv6 addresses disabled by DAD are now reconfigured
- handle missing /dev/log (e.g. for #NixOS initrd support)
This week I held a training course on linux routing for customers and colleagues. And we found a few bugs in ifstate...
#ifstate 1.11.9 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.11.9
(already available in @alpinelinux edge + 3.19 and @m4rc3l #Nix module)
ifstate now recognises #ipv6 addresses flagged `dadfailure` and reassigns them to reset the error condition.
#ifstate 1.11.8 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.11.8
(available in @alpinelinux edge + 3.19)
This is yet another bugfix release fixes an exception in wgnlpy if a peer has a dns based endpoint which does not resolve.
#ifstate 1.11.7 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.11.7
(available in @alpinelinux edge + 3.19)
This is a small bug-fix release for setups where ifstate is run from keepalived using the `vrrp_notify_fifo_script` setting.
https://ifstate.net/docs/vrrp/
There was a a race condition breaking reconfiguration on state changes if more than a single vrrp instance or group was used.
Two new #ifstate versions (1.11.6 + 1.11.5) have been released:
https://codeberg.org/liske/ifstate/releases/tag/1.11.5
https://codeberg.org/liske/ifstate/releases/tag/1.11.6
(available in @alpinelinux edge + 3.19)
Both are bug-fix releases fixing broken virtual interface creation with `master` attributes and an exception if WireGuard is used with `vrrp-fifo` mode.
The veth link creation and netns handling (`peer_netns` attribute) has been fixed, too.
Last week #ifstate 1.11.4 was released:
https://codeberg.org/liske/ifstate/releases/tag/1.11.4
(available in @alpinelinux edge + 3.19)
This is another bug-fix release improving vrrp(-fifo) handling and fixes an annoying false positive error message when configuring traffic control.
#ifstate has moved from github to @Codeberg !
The project website https://ifstate.net has been moved from github pages to #codeberg pages, too.
The migration of the repository, issues and releases worked without any problems. Only when switching to codeberg pages a few adjustments were necessary.
#ifstate 1.11.3 has been released:
https://github.com/liske/ifstate/releases/tag/1.11.3
(available in @alpinelinux edge)
This is a small bug-fix release. It fixes a regression of the `ifstatecli show` action and makes it compatible with iproute2 6.5+ which has moved the lookup files in `/etc/iproute2/` to `/usr/lib/iproute2/`.
#ifstate 1.11.2 has been released:
https://github.com/liske/ifstate/releases/tag/1.11.2
(available in @alpinelinux edge)
Since ifstate 1.9 the vrrp-fifo action to be used with #keepalived was completely broken 
. On @alpinelinux it only had affected the edge branch.
#ifstate 1.11.0 has been released:
https://github.com/liske/ifstate/releases/tag/1.11.0
(available in @alpinelinux edge)
With this release it is possible to add ethtool default settings for interfaces and configure routes and rules conditional for vrrp setups (to be used with #keepalived).
It also fixes not working settings for `ethtool --change` (speed, duplex etc.).
