Big Security Questions

Just few'ish security questions I would like to know.

1. Does flashing and already working Openwrt router with update(from 23 to 24) counts as update or new stock flash(updating via luci). So no malware can persist.
2. Does only line of defence against thread actors is wifi password? Since mac addr reservation is bypassed with spoofed mac-adress.
3. Restrict router to select few devices. So no other 3rd party device will connect to it.
4. Mobile notifications of router log in attempts.
5. Any security benefit of luci interface vs cli.
6. Can router be managed through ssh?
7. TP-Link vs other router brands in terms of security?
8. Could firmware be set to read only? (like NixOS)
9. Must have security addons/extensions (ip blocklist..)
10. Any router that have features like UEFI (Settings lock etc..)
11. If Linux kernel can be hardened. OpenWRT then?
    Replay to any or all you like. Thanks.

Have you reviewed the Wiki/documentation?

1. https://openwrt.org/docs/techref/sysupgrade#how_it_works
2. Can you explain the issue in more detail - since MAC filters have been known to be insecure for years
3. Restrict the few devices to what on the router?
4. Beyond what mentioned?
5. Benefits of what exactly?
6. https://openwrt.org/docs/guide-quick-start/sshadministration
7. Is this a question?
8. The overlay is read only
9. Aside from what already exists?
10. Sure, particularly x68_64 devices
11. SELinux roadmap to move to enforcing and moving to v2.8.2

(Some points didn't seem to be questions, maybe others can reply.)

Q2 please define a threat actor are you located near a theatre or something?

In the future, please refrain from editing posts and threads in such a manner that makes is difficult for future community readers to comprehend the orginal context of the discussion.

Just FYI, the orginal post can still be seen.

Edit:

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!