Hi everyone, On Thu, 2022-03-03 at 15:58 +0100, Petr Štetiar wrote: > Daniel Golle <dan...@makrotopia.org> [2022-03-01 21:11:49]: > > Hi, > > > I fully agree, none of those packages make much sense on this class of > > devices and all of them should be dropped from default installations. > > I think, that if you personaly don't care about other valid use cases, you > should at least try to consider current 21.02 users as some realtek targets > are already supported and removing firewall package has security related > implications.
Since 22.03 has now been branched, I think we should decide on where we want to go with the default package selection for realtek (and other managed switches). One extra argument in favour of keeping the firewall in the default config, is that the devices with more advanced stock FW also provide an ACL feature to filter out traffic based on MAC, IP, ethernet frame contents, etc. However, this is offloaded to a hardware engine in the switch, but I'm not up to date on how well this offloading currently works (with nftables). So, providing a firewall would put OpenWrt on the same feature level as more advanced vendor offerings. > > > Obviously users may still install them if they really want their switch to > > act as DHCP server and/or caching DNS resolver. > > This topic is about firewall4, so are you suggesting to post-install firewall4 > package as well? Dropping dnsmasq and odhcpd-ipv6only makes more sense to me, since these are not features that are normally provided on a managed switch AFAIK. Best, Sander _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel