Alternative to openwrt firewall?

anon50890781 · March 13, 2018, 1:43am

with all the fancy of the Omina router the openwrt firewall (implementation) appears rather basic and something barebone in comparison.

Maybe I am bit spoiled using pfsense and csf firewalls in other places but cannot help to find the openwrt firewall somewhat lacking and uninspiring in features, modularity, scalability and usability.

Are there any firewall alternatives for the Omina, as opposed to having to route through a firewall residing inside a container installation? Latter I would consider neither a robust nor a desirable workaround.

anon50890781 · March 13, 2018, 2:11am

Untangle looks interesting, anyone having tried it?

MiKe · March 13, 2018, 6:51am

Hi,

What exactly it is lacking? Are you using it for home or office use?

I did not tried Untangle but you could try to run FreeBSD on Omnia and if it works put pfSense on it.

anon50890781 · March 13, 2018, 8:11am

ipset Integration for handling black/white/ciidr/country lists
black/white list import/roll over automation
temporary/permanent black/white listing rules
log flood protection rules
email alerting/reporting
geoip integration

Seeing the data from other sites it does not seem to matter anymore whether the exposure to the web is commercial or private.

hadc · March 13, 2018, 8:26am

i suppose you’d get some of this if opt-in for data collection and stuff.

but yes, the default does only provide the minimum of what is needed

afaik;

*bsd will not run on the omnia.
you can have debian, suse, untangle and openwrt besides turris-os

anon50890781 · March 13, 2018, 9:02am

Untangle seems to be debian kernel based.

pfsense managed their tailored freebsd kernel for the arm architecture and in another forum thread someone offered to port it for the Omnia, but seems that has no led to such development.

hadc · March 13, 2018, 11:17am

yea, that “someone” is pfsense lead-dev and from the looks he abandoned the idea for lack of engagement and/or now sells similar hardware by himself.

blbeczech82 · March 13, 2018, 12:26pm

I use Untangle but on my old x86-64 board and yes - it is debian.
There are images on download page of Untangle directly for Linksys WRT 1900ACS and Turris Omnia https://www.untangle.com/get-untangle/
and Wiki https://wiki.untangle.com/index.php/Turris_Omnia.

To undestand differences between mature and Omnia version of UTM see https://wiki.untangle.com/index.php/Untangle_Firmware_FAQ#Is_the_functionality_the_same_as_a_normal_x86_installation.3F where it is explained.
It’s mostly about RAM limitation. So IPS (Suricata), Squid, ClamAV etc. won’t be probably working.
And I’m not sure if you have to pay not to have “lite” versions of appcontrol, web filter, SSL inspector etc.

Anyway if you will try please let me know I’m very interested.

anon50890781 · March 13, 2018, 12:34pm

Too bad, it looks like an opportunity missed really

anon50890781 · March 13, 2018, 12:37pm

Reckon the omnia board is from Compex and thus their own branded CompexWRT should be working too, not that it makes any difference on the firewall though

anon50890781 · March 13, 2018, 12:54pm

I probably will, considering that open/turris os feels a bit incomplete and pacakage maintainance not up to speed.

anon50890781 · March 13, 2018, 3:07pm

@blbeczech82 decided against untangle for privacy concerns such as counting the network clients and subsequent feature throttling. Whilst I can appreciate their business model it is a no go for me.