OpenWrt 22.03 upstream (with nftables)

I know it’s been mentioned before (but the thread in question is now not accepting replies).

OpenWrt 22.03 is now in release candidate:

Included is the much-anticipated migration to nftables for the firewall.

Does anyone know if we can expect to see this functionality in Turris OS and how long we will need to wait?

Is there anything (code submits, testing) the community can contribute to speed up the process?

OpenWrt v.21.02.x is TurrisOS (TOS) v6.x. This is in the HBL branch and may be used for daily use (installed on any of my 3 TO and 2 MOX and running like a charm), if you are an experienced user. Yet with Foris and some other implementations, it is not considered stable by the developers. If you want to help, switch to HBL and report bugs to gitlab/developers.
OpenWrt v.22.03.x is TOS v7.x and should be in the HBD branch (and OpenWrt Master by now in crashlab - @Pepe correct?).
Please don’t ask for ETA on TOS v.7 when TOS v.6 isn’t available yet :wink:


Sounds like it might be a while. I’ll look into the stability of the HBD branch. Otherwise, it’s a decision between running Turris OS (providing native driver support for SFP and btrfs/schnapps) vs. upstream OpenWrt (with nftables).

Can you give a router-realworld-reason why this would be a benefit?

My use case is as a home lab. Would you rather learn COBOL or Go?

Thanks for the useful information. I’m very happy with Turris OS but want to improve my skills with Linux firewalls. I’m hesitant to spend too much time on iptables when nftables is the future.

lol, not sure this comparison is fitting. Iptables is still being used, and will be for a long time.


That was a massive exaggeration… Maybe IPv4 Vs v6 might have been more fitting :slight_smile:

Looking forward to getting a Turris OS based on 22.03 at some point in the future


Just to put your “investment” into some perspective, part of the switch to nftables includes new front-ends accepting iptables syntax, so most things you might learn for iptables right now, should survive the back-end switch from iptables to nftables (yes, there will come a time when switching over to the more native nftables front-end will be a good idea, but that time is not now :wink: )…


Agreed above, iptables is not obsolete but it is just deprecated, and will still be around for many years.
For example, Debian migrated to nftables a few years ago, but knowing iptables is a big plus.

Btw regarding Cobol or Go I wouldn’t learn any of them :grin:


Any help is appreciated! Our source code can be found on CZ.NIC’s GitLab and it is mirrored on GitHub, but if you are looking for some contributing guidelines, feel free to check our documentation.

Even though there are some RC versions of OpenWrt 22.03, we didn’t switch builds for it yet.

What we are currently building:

  • OpenWrt master is in the HBD branch
  • OpenWrt 21.02.xx is in the HBL branch
  • OpenWrt 19.07.10 is in the HBK branch.
  • Regarding the crashlab build, because of its naming, it is considered as dangerous and users should not be there as this is mostly an internal branch for our developers, which is why this branch is not promoted anyhow.

I would say that this is a pretty short list to compare Turris OS or upstream OpenWrt. What about Turris: Sentinel, reForis, automatic updates, and notifications about each update, we are using Lighttpd, syslog-ng, OpenSSL, and full-featured packages instead of minimal configurations, but I should not forget about our package lists, and LuCI included in each branch! SFP modules are supported in OpenWrt builds. I just named a few, but there are also other reasons to consider Turris OS. :slight_smile:


Amazing to get a core developer reply (on a weekend as well!!). Kudos to the Turris guys.

I’ll be checking out the docs and codebase when I get the chance. I might need to buy myself a second unit to break though!

Since I last checked a while ago, Turris hardware support in upstream OpenWrt has significantly improved. Thanks to the Turris team if this is the result of your submissions to the upstream codebase.

I am aware there are many cool Turris specific features but the killer Turris OS feature for me is btrfs and schnapps (I had been considering removing the web interface altogether).


If you want to play, you could make a Raspberry Pi router with OpenWrt instead. By compiling the distro yourself you could learn so much more of Linux. Or you could also take some mini-ITX dual ethernet motherboard. Or get some special 4x ethernet x86 router mini PC from AliExpress. I tried this myself only to realize that you could spend weeks, months and years compiling and configuring this. From the price/value ratio it is somewhere else but it is doable to compile OpenWrt for x86 and run it on such hardware. You can compile the latest OpenWrt master every day if you want.

