| releases:22.03:notes-22.03.0 [2022/09/04 22:47] – [Firewall4 based on nftables] zorun | releases:22.03:notes-22.03.0 [2022/09/05 22:55] – small updates hauke |
|---|
| |
| Download firmware images via the Firmware Selector or directly from our download servers: | Download firmware images via the Firmware Selector or directly from our download servers: |
| * [[https://firmware-selector.openwrt.org/?version=22.03.0|Download a firmware image for your device (firmware selector)]] | * [[https://firmware-selector.openwrt.org/?version=22.03.0|Download firmware image for your device (firmware selector)]] |
| * [[https://downloads.openwrt.org/releases/22.03.0/targets/|All firmware images]] | * [[https://downloads.openwrt.org/releases/22.03.0/targets/|Download firmware images directly from OpenWrt download servers]] |
| |
| /* get number of commits: | /* get number of commits: |
| ==== Firewall4 based on nftables ==== | ==== Firewall4 based on nftables ==== |
| |
| Firewall4 is used by default instead of ''firewall3'' in the OpenWrt default images. Firewall4 uses nftables instead of iptables to configure the Linux netfilters. | Firewall4 is used by default, superseding the iptables-based firewall3 implementation in the OpenWrt default images. Firewall4 uses nftables instead of iptables to configure the Linux netfilter ruleset. |
| |
| Firewall4 uses the same UCI firewall configuration syntax. Old firewall configurations should still work with firewall4, they will simply use nftables as a backend. | Firewall4 keeps the same the UCI firewall configuration syntax and should work as a drop-in replacement for fw3 with most common setups, emitting nftables rules instead of iptables ones. |
| |
| However, including custom iptables rules is no longer possible. Firewall4 allows to include nftables snippets instead, see [[docs:guide-user:firewall:firewall_configuration#includes_for_2203_and_later_with_fw4|firewall includes with fw4]]. Some community packages that add firewall rules might not work for now, and will need to be adapted to fw4. | Including custom firewall rules through /etc/firewall.user still works, but requires marking the file as compatible first, otherwise it is ignored. Firewall4 additionally allows to include nftables snippets. The [[docs:guide-user:firewall:firewall_configuration|firewall documentation]] explains how to include custom firewall rules with firewall4. Some community packages that add firewall rules might not work for now, and will need to be adapted to fw4: this will happen gradually throughout the lifetime of the 22.03 release series. |
| | |
| | The legacy iptables utilities are not included in the default images anymore, but can be added back using opkg or the [[docs:guide-user:additional-software:imagebuilder|Image Builder]] if needed. The transitional packages ''iptables-nft'', ''arptables-nft'', ''ebtables-nft'' and ''xtables-nft'' can be used to create nftables rules using the old iptables command line syntax. |
| |
| ''iptables'' is not included in the default images anymore, it can be added with opkg or [[docs:guide-user:additional-software:imagebuilder|ImageBuilder]] if needed. The packages ''iptables-nft'', ''arptables-nft'', ''ebtables-nft'' and ''xtables-nft'' provide the known command line interface from the old tools, but they will create nftables entries instead. | |
| |
| ==== Many new devices added ==== | ==== Many new devices added ==== |
| ===== Upgrading to 22.03.0 ===== | ===== Upgrading to 22.03.0 ===== |
| |
| Sysupgrade can be used to upgrade a device from 21.02 to 22.03, and configuration will be preserved in most cases. | Sysupgrade can be used to upgrade a device from OpenWrt 21.02 to 22.03, and configuration will be preserved in most cases. |
| Upgrades from a previous 22.03.0 release candidate are also supported. | Upgrades from a previous 22.03.0 release candidate are also supported. |
| |
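
Review bot: In the new (right-hand) Firewall4 text, the /etc/firewall.user sentence says the file "requires marking the file as compatible first, otherwise it is ignored" but never says how it is marked, so a reader upgrading with custom rules learns only that those rules may stop loading. Name the setting in this paragraph, or link straight to the includes section as the old text did with its #includes_for_2203_and_later_with_fw4 anchor, rather than to the top of the firewall configuration page. In the same column, "keeps the same the UCI firewall configuration syntax" has a doubled "the", and "allows to include" should read "allows including".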