OpenWrt 22.03 released with Firewall4, now supports over 1,580 embedded devices

OpenWrt 22.03 open-source Linux operating system for routers and entry-level embedded devices has just been released with over 3800 commits since the release of OpenWrt 21.02 nearly exactly one year ago.

The new version features Firewall4 based on nftables, switching from the earlier iptables-based Firewall3, and adds support for over 180 new devices for a total of more than 1,580 embedded devices, including 15 devices capable of WiFi 6 connectivity using the MediaTek MT7915 wifi chip.

OpenWrt 22.03

OpenWrt developers explain that Firewall4 keeps the same the UCI firewall configuration syntax and should work as a drop-in replacement with most common setups, just generating nftables rules instead of iptables ones. You’ll find more details about OpenWrt firewall configuration in the documentation.

OpenWrt 21.02 added initial support for the Distributed Switch Architecture (DSA), the Linux standard for configurable Ethernet switches, and OpenWrt 22.03 migrated more targets from swconfig to DSA namely all bcm53xx boards, lantiq boards using the xrx200 / vr9 SoC, and Banana Pi/Lamobo R1 board which, according to the changelog, is the only sunxi board with a switch. Other notable changes include support for dark mode in LuCI web-based configuration interface, fixing the 2038 bug by using 64-bit time_t type, or in other words, making sure the issue does not happen for the next 292 billion years…

Core packages have been updated with Linux 5.10.138 used for all targets, busybox 1.35.0 userland,  the toolchain is now using musl libc 1.2.3, glibc 2.34, gcc 11.2.0, and binutils 2.37, and network packages upgrade to hostapd 2.10, dnsmasq 2.86, and dropbear 2022.82, while cfg80211/mac80211 has been backported from kernel 5.15.58. The full changelog can be found on the OpenWrt website.

Most systems running OpenWrt 21.02 can be upgraded to 22.03 using Sysupgrade, but not from OpenWrt 19.07. Exceptions are the targets that migrated from swconfig to DSA, and in this case, sysupgrade will output the following error message:

Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

In that case, or for a fresh installation, you can also download binary images for your targets. More details may be found in the announcement.

Via Phoronix

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

ROCK 5 ITX Rockchip RK3588 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
9 Comments
oldest
newest
David Willmore
David Willmore
2 years ago

Would this work well on a generic PC with a few ethernet ports as a pfSense like firewall?

tkaiser
tkaiser
2 years ago

Sure though the point of OpenWRT is running on systems scarce on memory and storage.

David Willmore
David Willmore
2 years ago

I’d imagine pfSense would be similar as it’s meant to run on little appliance router boxes as well. But I take your point that OpenWRT is meant to run on very small devices as well.

I’m not comfortable with the FreeBSD part of pfSense and would much prefer a Linux based router distro.

WereCatf
WereCatf
2 years ago

No, pfSense isn’t really all that similar to OpenWrt. OpenWrt has a number of limitations due to being designed on very resource-constrained devices, like e.g. many packages have reduced functionality, OpenWrt doesn’t come out-of-the-box with all the bells and whistles that e.g. pfSense does and managing any updates –both to packages and OpenWrt itself — is left to you.

I’d much rather recommend using pfSense or OPNsense on a PC.

tkaiser
tkaiser
2 years ago

Seconding Nita. On generic x86 hardware I would also prefer pfSense/ OPNsense since when already wasting a ton more energy than typical router hardware I would want to benefit from the full software spectrum.

Milkboy
Milkboy
2 years ago

Agreed
If you got X86 why not utilized it to the fullest, go with pfSense.
Openwrt can work well enough with x86, but then again it boils down to your use case

I use both pfSense and Openwrt as a firewall.

In a complex network(workplace) i prefer pfsense(x86)+openwrt(router not x86) combo, where its functionality will cover anything i required.
Both complement each other IMO

“simpler” network,solo Openwrt router work great. As long as you know what you need now and in the future, Openwrt can work.

Prahallad
Prahallad
2 years ago

Hi,

I have a pretty old fortigate 240d firewall, does the open wrt support.

Ray Knight
Ray Knight
2 years ago

This release now supports a decent number of switches as can be seen at OpenWrt supported switches. Most use the Realtek SOC and downloads are at https://downloads.openwrt.org/releases/22.03.0/targets/realtek/

Boardcon Rockchip RK3588S SBC with 8K, WiFI 6, 4G LTE, NVME SSD, HDMI 2.1...