olsrd: switch to firewall4 #812
Conversation
PolynomialDivision
changed the title
PolynomialDivision
force-pushed
the
olsr-ipt-nft
branch
from
958c3e6
to
1b6b87c
Compare
|
I don't use smart gateway. Can anyone test? |
PolynomialDivision
changed the title
olsrd/files/olsrd.sh
Outdated
| @@ -746,8 +746,8 @@ olsrd_setup_smartgw_rules() { | |||
| nowan=0 | |||
| fi | |||
|
|
|||
| IP4T="$( command -v iptables )" | |||
| IP6T="$( command -v ip6tables )" | |||
| IP4T="$( command -v iptables-nft )" | |||
There was a problem hiding this comment.
This change does not seems to be necessary.
root@turris:~# iptables
iptables v1.8.7 (nf_tables): no command specified
Try `iptables -h' or 'iptables --help' for more information.
olsrd/Makefile
Outdated
| @@ -34,7 +34,7 @@ endef | |||
| define Package/olsrd | |||
| $(call Package/olsrd/template) | |||
| MENU:=1 | |||
| DEPENDS:=+libpthread +libubus | |||
| DEPENDS:=+libpthread +libubus +iptables-nft +ip6tables-nft | |||
There was a problem hiding this comment.
This breaks compatibility with fw3. By quick looking at commit openwrt/openwrt@795e715 it should be enough to add iptables and iptables6 w/o any suffix. :)
olsrd/Makefile
Outdated
| @@ -34,7 +34,7 @@ endef | |||
| define Package/olsrd | |||
| $(call Package/olsrd/template) | |||
| MENU:=1 | |||
| DEPENDS:=+libpthread +libubus | |||
| DEPENDS:=+libpthread +libubus +iptables-nft +ip6tables-nft | |||
There was a problem hiding this comment.
This breaks compatibility with fw3. By quick looking at commit openwrt/openwrt@795e715 it should be enough to add iptables and iptables6 w/o any suffix. :)
PolynomialDivision
force-pushed
the
olsr-ipt-nft
branch
from
1b6b87c
to
26e3750
Compare
|
Thanks! Changed it. |
|
Commit subject and commit description should be changed. |
PolynomialDivision
force-pushed
the
olsr-ipt-nft
branch
from
26e3750
to
d9a6a73
Compare
|
Did that. |
|
What about this? I wouldn't say I like copy&pasting commit messages from different commits and also the references always begin with 1 instead of 0. Feel free to rewrite it based on your thoughts. From my point of view, you should not use any Fixes: or any other keyword in the commit message since when you have it there and you will do force-push, you will only spam issue with mentions. You should rather put it to the pull request. |
The upcoming OpenWrt version (currently in the master branch) ships firewall4 by default [1], which uses nftables instead of iptables. Users might choose to use a compatible layer [2] with iptables-nft, decide which iptables they want to use, and make appropriate changes related to fw3/f4[3]. This package requires to use iptables (no matter which variant) for smart-gw-rules. [1] openwrt/openwrt@08d9f6e [2] https://www.redhat.com/en/blog/using-iptables-nft-hybrid-linux-firewall [3] openwrt/openwrt@795e715 Signed-off-by: Nick Hainke <[email protected]>
PolynomialDivision
force-pushed
the
olsr-ipt-nft
branch
from
d9a6a73
to
aa1dca7
Compare
|
Sounds awesome! :) |
Firewall4 uses nftables instead of iptables. Use iptables-nft for installing smart-gw-rules.
Fixes: #731 ("Certain upstream switch to firewall4 aka nftables instead of iptables")