Hi everyone,

On Thu, 2022-03-03 at 15:58 +0100, Petr Štetiar wrote:
> Daniel Golle <dan...@makrotopia.org> [2022-03-01 21:11:49]:
> 
> Hi,
> 
> > I fully agree, none of those packages make much sense on this class of
> > devices and all of them should be dropped from default installations.
> 
> I think that if you personally don't care about other valid use cases, you
> should at least try to consider current 21.02 users as some realtek targets
> are already supported and removing firewall package has security related
> implications.

Since 22.03 has now been branched, I think we should decide on where we want to
go with the default package selection for realtek (and other managed switches).

One extra argument in favour of keeping the firewall in the default config, is
that the devices with more advanced stock FW also provide an ACL feature to
filter out traffic based on MAC, IP, ethernet frame contents, etc. However, this
is offloaded to a hardware engine in the switch, but I'm not up to date on how
well this offloading currently works (with nftables). So, providing a firewall
would put OpenWrt on the same feature level as more advanced vendor offerings.

> 
> > Obviously users may still install them if they really want their switch to
> > act as DHCP server and/or caching DNS resolver.
> 
> This topic is about firewall4, so are you suggesting to post-install firewall4
> package as well?

Dropping dnsmasq and odhcpd-ipv6only makes more sense to me, since these are
not features that are normally provided on a managed switch AFAIK.

Best,
Sander

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
