Would it be possible to get version or images of initramfs kernel without firewall ?
If the AP is located in remote place (high pole, ceiling in warehouse - 10+meters,..) then it's hard to get hands on LAN port and mgmt IP 192.168.1.1 after "upgrade" to OpenWRT . Also Wlan radio is off.
I just need this for installation of OWRT, afterwards i roll my own packages etc via firmware-selector.openwrt.org, but i would rather have fwall disabled then to climb ladders.
(just in case it is not obvious) the user has not to build from source but can just use the image-builder. Also the user does not have to even provide a custom UCI config, the image-builder can be told to disable certain services, like in this case the firewall. So the default rule set would be present but not active till it gets enabled.
Yes, of course you are right, I have just missed that.
Yes, to enable/configure WiFi, you have to use a custom UCI script, or provide a complete /etc/config/wireless. But both can be done with the image-builder.
openwrt-imagebuilder-23.05.0-rc2-ipq40xx-mikrotik.Linux-x86_64/build_dir/target-arm_cortex-a7+neon-vfpv4_musl_eabi/linux-ipq40xx_mikrotik/vmlinux-initramfs
is "the one"
It's a long time I had to build a snapshot with the image-builder, so I'm not quiet sure if this is by design or an current issue
You could always build from source. https://openwrt.org/docs/guide-developer/toolchain/use-buildsystem
I would recommend to use a Debian or Ubuntu VM with at least 40 GB of storage and as much RAM as you can assign to it. Same for CPU, the more the better.
Then build a first time without any modifications. Should take 1 to 2 h on moderate hardware. If you have plenty of RAM and can build in a RAM tmpfs then you can get it down to like 15 min...
However, after the first successful build, modify/customize as you need an rebuild. A rebuild is usually quiet fast. (Building the toolchain and stuff the first time takes quiet some time...)
All, to be clear, I realized the OP never actually stated this - it's only been implied:
the firewall needs to be off because the WAN port will be used to re setup the OpenWrt (or initially install it)
whatever state the device is in, the OP has reset it (or it's in a new state - i.e. WiFi off by default)
What I'm confused at is the need for a IntramFS image. It seem the OP's intention is to do initial installations of OpenWrt on equipment mounted in unaccessible locations.