[PATCH 1/2] realtek: Use firewall4

[Sander Vanheule]

Hi Hauke,

On Mon, 2022-02-28 at 22:37 +0100, Hauke Mehrtens wrote:
> The realtek target is not a router, but basic device, see DEVICE_TYPE.
> The basic device type does not come with firewall by default, see
> include/target.mk for details. The realtek target extended
> DEFAULT_PACKAGES manually with firewall.
> 
> This changes the defaults to take firewall4 and nftables instead of
> firewall and iptables. This also adds the additional package
> kmod-nft-offload.
> The only difference to the router type is the missing ppp and
> ppp-mod-pppoe package.
> 
> This increases the compressed image size by about 260KBytes.
> 
> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>


Commit 9e7149f729e9 ("realtek: revert to "standard" management configuration") changed the
default port configuration for realtek devices to only have LAN ports, instead of the
LAN/WAN VLANs that were used before. I wonder if it doesn't make more sense to drop the
firewall package from the default now, since there is only one interface, unless there is
a different reason to keep the firewall.

Best,
Sander

> ---
>  target/linux/realtek/Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/linux/realtek/Makefile b/target/linux/realtek/Makefile
> index 704242a000a0..91af5fbcfce1 100644
> --- a/target/linux/realtek/Makefile
> +++ b/target/linux/realtek/Makefile
> @@ -18,7 +18,7 @@ endef
>  include $(INCLUDE_DIR)/target.mk
>  
>  DEFAULT_PACKAGES += uboot-envtools ethtool kmod-gpio-button-hotplug \
> -       dnsmasq firewall ip6tables iptables odhcp6c odhcpd-ipv6only \
> +       dnsmasq firewall4 nftables kmod-nft-offload odhcp6c odhcpd-ipv6only \
>         ip-full ip-bridge tc
>  
>  $(eval $(call BuildTarget))