Skip to content

Add new CLI flags to up command #686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SunsetDrifter merged 1 commit into from
Apr 8, 2026
Merged

Add new CLI flags to up command #686

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/pages/get-started/cli.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,10 @@ The command will check if the peer is logged in and connect to the management se

--allow-server-ssh Allow SSH server on peer. If enabled, the SSH server will be permitted
--disable-auto-connect Disables auto-connect feature. If enabled, then the client won't connect automatically when the service starts.
--disable-client-routes Disable client routes. If enabled, the client won't process client routes received from the management service.
--disable-dns Disable DNS. If enabled, the client won't configure DNS settings.
--disable-firewall Disable firewall configuration. If enabled, the client won't modify firewall rules.
--disable-server-routes Disable server routes. If enabled, the client won't act as a router for server routes received from the management service.
--disable-ssh-auth Disable SSH JWT authentication. If enabled, any peer with network access can connect without user authentication
--dns-resolver-address string Sets a custom address for NetBird's local DNS resolver. If set, the agent won't attempt to discover the best ip and port to listen on. An empty string "" clears the previous configuration. E.g. --dns-resolver-address 127.0.0.1:5053 or --dns-resolver-address ""
--ssh-jwt-cache-ttl int SSH JWT token cache TTL in seconds. Set to 0 to disable caching (default). E.g. --ssh-jwt-cache-ttl 3600 for 1-hour cache
Expand All @@ -98,6 +102,7 @@ The command will check if the peer is logged in and connect to the management se
--rosenpass-permissive [Experimental] Enable Rosenpass in permissive mode to allow this peer to accept WireGuard connections without requiring Rosenpass functionality from peers that do not have Rosenpass enabled.
--wireguard-port uint16 Wireguard interface listening port (default 51820)
--block-inbound Block inbound connections. If enabled, the client will not allow any inbound connections to the local machine nor routed networks. This overrides any policies received from the management service.
--block-lan-access Block LAN access. If enabled, the client will not allow NetBird peers to access the local network.
```
#### Usage
The minimal form of running the command is:
Expand Down
Loading