Tech News

OpenWrt: Better firewall, some WiFi 6 and fresh for 292 billion years

In release 22.03.0, OpenWrt significantly expands the free operating system for network devices. Among other things, the important transition from iptables to nftables takes place.

 

With version 22.03.0, the OpenWrt developers presented their free operating system for routers, WLAN access points and similar devices. The first new release in over a year brings a revamped firewall interface, support for more devices, and better configuration options for different hardware platforms OpenWrt runs on.

 

A key change in OpenWrt 22.03.0 is undoubtedly the move from iptables to nftables. The firewall implementation in OpenWrt, which now officially has the version number 4, takes an important step towards the future. Because iptables is now officially considered obsolete; in the form of nftables, the more efficient and usually easier-to-use successor has been in the starting blocks for years.

Practical: Version 4 of the OpenWrt firewall is syntax-compatible with its predecessor; Anyone who has previously stored firewall rules via the uci configuration interface does not have to make any changes to the system during the upgrade. The situation is different with manually created sets of rules in /etc/firewall.user – the user must adapt these manually before an update so that they are compatible with nftables.

The developers are noticeably proud that OpenWrt 22.03.0 comes with support for more than 1580 different network devices from all categories. Last year, more than 180 systems were added on which OpenWrt can now be used. Also new to the group are devices that support the new WiFi 6 standard; So far, however, this support has been limited to models with the MediaTek MT7915 chipset. Appropriate hardware is correspondingly difficult to obtain in this country. The Linksys E8450, for example, which is also on the shelves as the Belkin RT3200, is not available across the board. A sample revealed only the WLAN router WAX202 from Netgear as a potential candidate with support for OpenWrt 22.03.0 that could be purchased in Germany.

A lot has also happened behind the scenes. For various chip sets, the developers have switched the necessary drivers to the DSA architecture of the Linux kernel. DSA stands for Distributed Switch Architecture and describes a collection of functions in Linux that perform typical tasks of network devices such as switches. Up until the 21.02 release, most OpenWrt drivers took care of the switching themselves; In the future, however, the intention is to streamline the code and use native Linux features, which should ultimately improve performance. The devices with XRX200 and Lamobo R1 chips as well as chipsets from the Broadcam 53XX family benefit from this in the new OpenWrt version.

There is also something new for administrators who like to control OpenWrt via GUI and have so far complained about the lack of a dark mode in the OpenWrt GUI LuCI: The developers are adding this in OpenWrt 22.03.0. If the system and thus the browser are set to dark mode, the alternative view is activated automatically.

Fresh from the cabinet of curiosities, the developers also present a solution for the year 2038 problem. Musl, the C standard library that OpenWrt uses in a statically compiled form, previously only used a 32-bit integer for the time_t type. In theory, this means that time_t will overflow from January 19, 2038 and will no longer be usable. The new version of Musl included in the 22.03.0 release uses a 64-bit integer instead, pushing the problem 292 billion years into the future. In the meantime, they want to think about how the developers will solve it.

In addition, OpenWrt 22.03.0 does a lot of model maintenance: Updates across all departments ensure fresh software, such as a modified Linux kernel 5.10.138 on all platforms. It’s anything but brand new, but that’s not unusual for embedded systems such as the OpenWrt targets.

Anyone who is already using OpenWrt 21.02 simply installs the new version with the Sysupgrade tool that is already available in OpenWrt. The only exceptions to this are those platforms that have switched to the DSA architecture of the Linux kernel; Sysupgrade displays a corresponding error message here and warns the administrator to reinstall. All information about the new version can be found in the developer’s release notes. In 2021, the predecessor tackled WPA3 and TLS support, among other things.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button