Could it be possible to have the complete set of ip/x table options enabled as modules in the kernel sources?
I expect a lot of people wanting to replace their R1 with an R2, now Bananian support has stopped…
Thanks, got almost all working again. Can you add xt_connlimit and nf_synproxy_core?
Both are for some extra safety, to limit incoming traffic (prevent flood) or drop out-of-sync packages (something really nasty, almost never seen, but just in case).
Great, thanks, I was busy yesterday, just placed the kernel and it works like a charm. I was surprised that power-off is already working. (probably was for some time)
Will start using the R2 ASAP. (keeping the R1 as temp spare for when a kernel update is needed)
With the very old kernel I started this thread with, shutdown didn’t power-off the device. (kept showing ‘shutdown’ in console), with the last 2 it just powers-off.
No serial cable here. Need to find me a way to update the kernel without having to remove the sdcard.
4.4 does not support poweroff… I had only patched 4.14 with the necessary changes.
With my Debian and Ubuntu image you can use the deb package, with all other systems you can use the packed version (unpack in running system), but if it does not boot, you have to remove the card (or boot another kernel => here you need a usb2serial cable).
Yep, thanks, finally had time to continue with the R2 and it runs nicely as firewall. I’ve added a vlan supporting switch in front of the firewall to split-off the TV vlan, so I can at least have updates for all Debian packages.
Would there be a chance that you’d supply the kernel package as .deb? I saw you already have a .80 version.
Also, small tip: Buster uses nftables for firewall management and the iptables package (1.8) has been rewritten to use the nft command. This gives an issue, as the nft setup requires another set of modules, nft*. I’ve just been battling with the firewall after an upgrade and reverted iptables to stretch-backports.
Debs for all kernel versions are on the releases page on GitHub. Look at the branch name (4.14-main vs any other) before downloading. And do not use 4.14.92-97. IMHO 4.19 should also have this issue, so make sure you are using the last version.
BTW I checked in /lib/modules/4.19.0-2-amd64/kernel/net/netfilter on my Debian workstation and this is a part of the list of modules that Debian ships with their kernel. Looks like iptables 1.8 expects the nft_* modules.
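The backend mismatch described in the posts above (iptables 1.8 using nf_tables while the kernel only provides the xt_*/ip_tables modules) can be checked before an upgrade. The script below is an added example, not part of the thread or of the kernel project; the function names and the two module lists are assumptions and should be extended to match the rule set in use.

```shell
#!/bin/sh
# Added example: report netfilter modules a kernel lacks for the iptables
# backend in use. Module lists are illustrative assumptions, not exhaustive.
LEGACY_MODS="ip_tables iptable_filter xt_connlimit nf_synproxy_core"
NFT_MODS="nf_tables nft_compat xt_connlimit nf_synproxy_core"

# backend_of <banner>: map the line printed by `iptables -V` to a backend.
# iptables 1.8.x prints "(nf_tables)" or "(legacy)"; older releases print
# no suffix and only have the legacy backend.
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *) echo legacy ;;
    esac
}

# have_module <moddir> <name>: succeed if the module is loadable
# (name.ko, possibly compressed) or compiled into the kernel image.
have_module() {
    dir=$1; name=$2
    if [ -n "$(find "$dir" -name "$name.ko*" 2>/dev/null | head -n 1)" ]; then
        return 0
    fi
    [ -f "$dir/modules.builtin" ] && grep -q "/$name\.ko\$" "$dir/modules.builtin"
}

# missing_modules <moddir> <backend>: print each required module that is absent.
missing_modules() {
    case "$2" in
        nf_tables) list=$NFT_MODS ;;
        *) list=$LEGACY_MODS ;;
    esac
    for m in $list; do
        have_module "$1" "$m" || echo "$m"
    done
}

# Check the running system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    missing_modules "/lib/modules/$(uname -r)" "$(backend_of "$(iptables -V)")"
fi
```

Empty output means every listed module is available; any name printed for the nf_tables backend means rules loaded through iptables 1.8 can fail on that kernel even though the legacy modules are present.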
It’s running and without issues here, thanks, the .98 works nicely. Is it possible for you to supply a matching linux-headers deb as well? I’d like to use xtables-addons-dkms xtables-addons-common for the geoip module and it suggests to include a linux-headers package. I have no clue how much extra work it is when building the package.
BTW what is the main difference between the 4.14 and 4.19 kernel? HDMI doesn’t seem to work on the 4.14 kernel, is that fixed in 4.19? (or should it work and was I too slow with plugging in the monitor)