I am about to make quite a few changes to my internal network/subnets setup. My MOX is still on Turris OS 6.3 with pretty much default WAN/LAN configuration and nothing fancy installed.
I am tempted to switch to Turris OS 7 / hbl in order to implement all my changes with fw4/nftables which would avoid another transition when Turris OS 7 is released.
My question is: is Turris OS 7 / hbl safe enough in its current state? The OpenWrt 22.03 base is very mature now, but I don't want unsafe default firewall settings, for example.
Any feedback welcome.
Well, first of all, I was on HBL for some time. What you need to consider is that the great Turris firewall doesn't work on HBL.
Firewall rules are not translated to nftables. So no Sentinel.
What you gain is the native implementation of VLANs in LXC containers, so you can have a segmented network via VLANs and put an LXC container where you want.
It was also possible in TOS6.0, but you had to manually add the LXC veth adapter to a specific bridge. With TOS 7.0 you set that in the container config and it works.
What I also observed… Newer version of DAWN to band steer your WiFi.
Pretty much that's it.
Edit: I moved the topic to General Discussion
Thank you! Very useful.
Your point about firewall rules is important to me. That was my main concern…
I think @lucenera is also on HBL; maybe they could share some experience with TOS7.0