I've just flashed the latest build of @hnyman on to my R7800 router.
So far I've always used DNScrypt to harden security but I've discovered AdGuard which seems to offer a all-in-one solution. DNScrypt seems to be already used out of the box when using AdGuard.
So my question is: what is the best way of hardening the security/privacy on my R7800?
I want to get my build as secure as possible but still want to play online games from time to time.
So which packages would you recommend to install and configure?
Should I go for AdGuard and I will be good or better install DNScrypt and some other packages?
I would really appreciate it if someone who has knowledge in hardening security with openwrt could help.
Regarding Wifi: I've turned it completely off for now with the hardware switch.
AGH however also allows filtering/adblocking. This can improve privacy depending on how you configure the adblock/filtering lists. There are privacy based lists out there you could add to AGH which will block trackers etc by blocking their dns lookups.
Crowdsec can be used to harden your router much like it can do for a server. However unless you are running services on your router you should be fairly secure out of the box. There is an opkg version of crowdsec.
In addition to blocklists and encrypted DNS, you can also turn off password auth and only use keys for SSH. Changing the port is also good to thwart the automated casual scans and add option MaxAuthTries '1' in /etc/config/dropbear
you don't need dnscrypt if u have AGH. AGH does encrypted dns lookups itself.
Also Luci and ssh for your openwrt shouldn't need locking down too much as its only exposed to your LAN side. Of course if you require remote access and have done rules to allow WAN side access you need to be far more careful.