Ack,but atm i cannot help you with it…
For iptables:
You need to set default policy or drop each packet not matching your accept rules…atm your firewall blocks nothing 
and please enclose full code in codeblock
a bit of config:
https://www.fw-web.de/dokuwiki/doku.php?id=en:bpi-r2:network:iptables
Yes, I agree with you, unfortunately some rules were missing!
I’ve tested what you advised on your wiki, good basic!
I use it for my own script in order to switch on firewall at boot time!
For testing fw I recently take nmap from wan port of BPI-R2, have you other tip maybe?
you do not need all…these are examples from my config
for a firewall you should use whitelisting = block all except of known Packets.
my firewall is a mix of both…i block additionally some traffic to (e.g. ipv6-in-ipv4 like toredo and some lan-devices like my printer). for such you need to create a concept…
iptables (maybe also nftables) are executed for each packet “line by line” if one matches, the packet is handled and the other rules are not applied. e.g. it does not make sense to block anything after allowing it (lan drop have to be done before generic lan-allow).
so basicly this flow:
nmap should be best way to test…if you have a server listening you can also test with “telnet host port” if your firewall blocks traffic (have done this with dns forwarding 
)
Thank you for your support!
Other problem I’m facing with, I got a pci-e Wlan card(Intel 3945).
With lspci, dmesg, I can’t see anything related to it!
Wether card is broken, or pci-e interface not working correctly with this kernel?
Have you experience?
this should be a hardware-incompatibility…i’ve read somewhere here, that some intel-cards not working on r2…afair they are needing an addional bus (e.g. usb) or power (5v) to work. at least lspci should show anything for support it…my kernel has pcie enabled and working (tested with mt7612e card).
Lspci output :
00:01.0 PCI bridge: MEDIATEK Corp. Device 0801 (rev 01) 01:00.0 IDE interface: ASMedia Technology Inc. ASM1061 SATA IDE Controller (rev 02)
But nothing about above mentioned intel wlan card! 
I might consider to buy one turned up on your wiki!
Downloaded the “bpi-r2-buster.img.tar.gz” and burned it to an SD card, then exploded the “wmt-tools+script+conf.zip” into BPI-ROOT. Booted ok but when I run “wifi.sh” it calls hostapd (which doesn’t seem to exist). I see where the conf for hostapd is getting created, but I don’t see the actual hostapd program in BPI-ROOT. What am I missing? Thanks!
my image is a minimal system…You have to install it from debian repo
apt update
apt upgrade
apt install hostapd dnsmasqHello Frank,
first, I whish you all a happy new year!
I’ve installed your image and so far everything is ok. But now i have to use a usb device, which driver is not found in the modules directory. So I have to build the module by source.
I’ve tried some sources, but whatever I do, I get always the message
insmod r8152.ko
insmod: ERROR: could not insert module r8152.ko: Invalid module format
But where can I find the right sources and how to bind them correctly to the system? A step by step guide would be great.
And can you provide your you kernel-config file? I think that could be helpful.
Thanks in advance for your help
Jochen
Thanks, a happy new year to you too
You need to compile kernel including the module by yourself. You can also compile the module with kernelsources but this is more difficult setup.
you can download kernel source from my github repo, and use build.sh (importconfig,config to enable your driver,then without param).
Your current kernel is in gitbranch 4.19-main use “git checkout 4.19-main” to switch to it after download. Build.sh asks after build to install to sdcard,then you only need to change uenv.txt (kernel variable to match your new uimage name)
Thanks for your answers, Frank.
I start here: https://github.com/frank-w
klick repositories
get: https://github.com/frank-w?tab=repositories
further to: https://github.com/frank-w/BPI-R2-4.14
is this the right one?
And now I can click the “clone or download” button to get the repository.
but this is build 4.14 and my system says
uname -r 4.19.62-bpi-r2-main
Unfortunately I’m no kernel guru. Further questions will come. I swear! 
I think the repository mentioned by Frank is this one https://github.com/frank-w/BPI-R2-4.14/tree/4.19-main. The other one is a fork from SinoVoip. You can simply clone it directly using git.
git clone -b 4.19-main https://github.com/frank-w/BPI-R2-4.14.git 4.19-main
Right,this repo
Imho download will fetch only default branch which is still 4.14 (or the branch currently selected).
You need to install some Packages first like mentioned in readme.md.but build.sh will check them too.
Thanks for advise. Now I downloaded ciobys link, activated my desired module in the config and run the build.sh command.
Frank, you have said, i will be asked for installation to sdcard, but there is no such suggestion by the scrip
After compiling I get that:
Image Name: Linux Kernel 4.19.88-main
Created: Fri Jan 3 19:19:31 2020
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 7760910 Bytes = 7579.01 kB = 7.40 MB
Load Address: 80008000
Entry Point: 80008000
build uImage without appended DTB…
Image Name: Linux Kernel 4.19.88-main
Created: Fri Jan 3 19:20:01 2020
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 7725960 Bytes = 7544.88 kB = 7.37 MB
Load Address: 80008000
Entry Point: 80008000
- pack
- install to System
- deb-package
- upload choice [1234]
Whats the choice I need and how to go further on?
Regards
Jochen
You compiled on r2 directly? Then “install to system”…make sure you edit uenv.txt setting kernel to your new file
./build.sh uenvno, i 've used my desktop pc for this job.
Install to system is printed if no crosscompiler was used…
Else there is printed “install to SD-Card”. Thats why i’m wondering…
crosscompile is set if “uname -m” does not contain aarch64 or armv
I guess your desktop is x86(_64),right? Just run uname -m
I’ve compiled it on a raspberry 4 and that’s an arm system
uname -m : armv7l
however. i will do it again on the R2 and follow your suggestet way
Ok,thats the cause…rpi4 as desktop pc?
Compilation on x86 host will be faster
Hi Frank,
now I’ve installed from the R2 the new build directly to my sd, but the system won’t boot.
the build.sh script copied the kernel as “uImage_4.19.88-main” to the boot partition, but not the uImage_nodt (what is the nodt kernel?) and also not the dtb file. So I’ve copied them by hand and renamed the files to the original filenames in these directories.
Result: black screen - nothing happens - no boot.
So I had to roll back to the 66 kernel and machine is booting again.
Do you have any clue what the problem could be?
Regards
Jochen
PS: my uEnv.txt
root=/dev/sda1 rootfstype=ext4 drm.debug=0x01 rootwait
has not entry for a kernel file, so I thought uImage is the default name