[PATCH 1/2] realtek: Use firewall4

Hauke Mehrtens hauke at hauke-m.de
Mon Feb 28 15:12:44 PST 2022

On 2/28/22 23:00, Sander Vanheule wrote:
> Hi Hauke,
> On Mon, 2022-02-28 at 22:37 +0100, Hauke Mehrtens wrote:
>> The realtek target is not a router, but basic device, see DEVICE_TYPE.
>> The basic device type does not come with firewall by default, see
>> include/target.mk for details. The realtek target extended
>> DEFAULT_PACKAGES manually with firewall.
>> This changes the defaults to take firewall4 and nftables instead of
>> firewall and iptables. This also adds the additional package
>> kmod-nft-offload.
>> The only difference to the router type is the missing ppp and
>> ppp-mod-pppoe package.
>> This increases the compressed image size by about 260KBytes.
>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
> Commit 9e7149f729e9 ("realtek: revert to "standard" management configuration") changed the
> default port configuration for realtek devices to only have LAN ports, instead of the
> LAN/WAN VLANs that were used before. I wonder if it doesn't make more sense to drop the
> firewall package from the default now, since there is only one interface, unless there is
> a different reason to keep the firewall.

We can also remove firewall4 support from the realtek target. Probably 
most people will not use it for routing and if so they can install 
firewall4 manually. I just do not want to ship firewall3 by default.


