OpenWrt 22.03 open-source Linux operating system for routers and entry-level embedded devices has just been released with over 3800 commits since the release of OpenWrt 21.02 nearly exactly one year ago.
The new version features Firewall4 based on nftables, switching from the earlier iptables-based Firewall3, and adds support for over 180 new devices for a total of more than 1,580 embedded devices, including 15 devices capable of WiFi 6 connectivity using the MediaTek MT7915 wifi chip.
OpenWrt developers explain that Firewall4 keeps the same the UCI firewall configuration syntax and should work as a drop-in replacement with most common setups, just generating nftables rules instead of iptables ones. You’ll find more details about OpenWrt firewall configuration in the documentation.
OpenWrt 21.02 added initial support for the Distributed Switch Architecture (DSA), the Linux standard for configurable Ethernet switches, and OpenWrt 22.03 migrated more targets from swconfig to DSA namely all bcm53xx boards, lantiq boards using the xrx200 / vr9 SoC, and Banana Pi/Lamobo R1 board which, according to the changelog, is the only sunxi board with a switch. Other notable changes include support for dark mode in LuCI web-based configuration interface, fixing the 2038 bug by using 64-bit time_t type, or in other words, making sure the issue does not happen for the next 292 billion years…
Core packages have been updated with Linux 5.10.138 used for all targets, busybox 1.35.0 userland, the toolchain is now using musl libc 1.2.3, glibc 2.34, gcc 11.2.0, and binutils 2.37, and network packages upgrade to hostapd 2.10, dnsmasq 2.86, and dropbear 2022.82, while cfg80211/mac80211 has been backported from kernel 5.15.58. The full changelog can be found on the OpenWrt website.
Most systems running OpenWrt 21.02 can be upgraded to 22.03 using Sysupgrade, but not from OpenWrt 19.07. Exceptions are the targets that migrated from swconfig to DSA, and in this case, sysupgrade will output the following error message:
Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed
In that case, or for a fresh installation, you can also download binary images for your targets. More details may be found in the announcement.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
9 Replies to “OpenWrt 22.03 released with Firewall4, now supports over 1,580 embedded devices”
Would this work well on a generic PC with a few ethernet ports as a pfSense like firewall?
Sure though the point of OpenWRT is running on systems scarce on memory and storage.
I’d imagine pfSense would be similar as it’s meant to run on little appliance router boxes as well. But I take your point that OpenWRT is meant to run on very small devices as well.
I’m not comfortable with the FreeBSD part of pfSense and would much prefer a Linux based router distro.
No, pfSense isn’t really all that similar to OpenWrt. OpenWrt has a number of limitations due to being designed on very resource-constrained devices, like e.g. many packages have reduced functionality, OpenWrt doesn’t come out-of-the-box with all the bells and whistles that e.g. pfSense does and managing any updates –both to packages and OpenWrt itself — is left to you.
I’d much rather recommend using pfSense or OPNsense on a PC.
Seconding Nita. On generic x86 hardware I would also prefer pfSense/ OPNsense since when already wasting a ton more energy than typical router hardware I would want to benefit from the full software spectrum.
If you got X86 why not utilized it to the fullest, go with pfSense.
Openwrt can work well enough with x86, but then again it boils down to your use case
I use both pfSense and Openwrt as a firewall.
In a complex network(workplace) i prefer pfsense(x86)+openwrt(router not x86) combo, where its functionality will cover anything i required.
Both complement each other IMO
“simpler” network,solo Openwrt router work great. As long as you know what you need now and in the future, Openwrt can work.
Short investigation: https://openwrt.org/docs/guide-user/installation/openwrt_x86
I have a pretty old fortigate 240d firewall, does the open wrt support.
This release now supports a decent number of switches as can be seen at OpenWrt supported switches. Most use the Realtek SOC and downloads are at https://downloads.openwrt.org/releases/22.03.0/targets/realtek/