build: switch to firewall4 by default
This commit replaces firewall aka firewall3 with its nftables based
successor firewall4.

Signed-off-by: Paul Spooren <mail@aparcar.org>
aparcar committed Jan 19, 2022
1 parent 431f379 commit 08d9f6e
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions include/target.mk
Expand Up @@ -54,10 +54,9 @@ DEFAULT_PACKAGES.nas:=\
# For router targets
DEFAULT_PACKAGES.router:=\
dnsmasq \
firewall \
ip6tables \
iptables \
kmod-ipt-offload \
firewall4 \
nftables \
kmod-nft-offload \
odhcp6c \
odhcpd-ipv6only \
ppp \
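
Review bot: The commit message only mentions replacing firewall with firewall4, but in the DEFAULT_PACKAGES.router list this hunk also drops ip6tables, iptables and kmod-ipt-offload in favour of nftables and kmod-nft-offload. Please state that in the commit message, and note what users should select if they still need the iptables userspace tools, since a default router image will no longer include them.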

10 comments on commit 08d9f6e

@nitroshift
@nitroshift nitroshift commented on 08d9f6e Jan 20, 2022

Since LuCI doesn't have the option to set software flow offload (yet), it can be enabled in /etc/config/firewall with
option flow_offloading '1' under config default section.

@wongsyrone
Contributor

Any plan to offer a translation tool for iptables rules? BTW, how to specify custom rules as /etc/firewall.user no longer exists?

@eslamsayed67

Any plan to offer a translation tool for iptables rules? By the way, how do you specify custom rules now that /etc/firewall.user no longer exists?

I can't find the wifidog package after this mod

@aparcar
Member Author

Since LuCI doesn't have the option to set software flow offload (yet), it can be enabled in /etc/config/firewall with
option flow_offloading '1' under config default section.

I think this should be fixed via openwrt/luci@705d46b

@aparcar
Member Author

Any plan to offer a translation tool for iptables rules? By the way, how do you specify custom rules now that /etc/firewall.user no longer exists?

I can't find the wifidog package after this mod

I still see the package here: https://downloads.openwrt.org/snapshots/packages/x86_64/packages/

You have to remove firewall4 and instead install firewall3

@CallMeR

I found that the contents of the iptables panel have disappeared, will there be a new management panel for firewall4, which is mainly used to display the working status of firewall entries?

@jow-
Contributor

@jow- jow- commented on 08d9f6e Jan 21, 2022

will there be a new management panel for firewall4

Yes, I am working on it.

@CallMeR

By the way, when I compiled X86-64 firmware, I checked the following configs:

CONFIG_PACKAGE_iptables=y
CONFIG_PACKAGE_iptables-mod-extra=y
CONFIG_PACKAGE_iptables-mod-nat-extra=y

CONFIG_PACKAGE_ip6tables=y
CONFIG_PACKAGE_ip6tables-mod-nat=y
CONFIG_PACKAGE_ip6tables-extra=y

So after the NF is used as the default firewall, what alternative configs do I need to check?

@peterwillcn
Contributor

docker broken

@aparcar
Member Author

docker broken

Please elaborate
