Note that I install unbound-daemon-heavy, you can choose whatever version of unbound you want.
make image PROFILE="router model"
Update the firmware on your router.
You cannot access the router after the flash if you do not configure a fixed ip in your dhcp client, example:
Now if you have access to the router.
I didn't have access because odhcpd is not configured yet.
When you access the router for the first time, you will have to configure minimum odhcpd, unbound and nft. Following this link, search for "Unbound and odhcpd", to configure.
You can configure the wifi and configure the dropbear server to connect via ssh and upload your nftables.conf, add in rc.local
/usr/sbin/nft -f /etc/nftables.conf
You can also upload by ssh to /etc/init.d/nft
# 0 if start OK
# 2 if start NOK
if [ ! -r "$CONF" ] ; then
logger -st $NAME $DESC "Error: No such config file $CONF"
procd_set_param command $BIN -f $CONF
procd_append_param command || return 0
procd_set_param file $CONF
$BIN flush ruleset
logger -st $NAME $DESC "stopped and ruleset flushed"
You need execution permissions
chmod +x /etc/init.d/nft
service nft enable
Remove from rc.local: /usr/sbin/nft -f /etc/nftables.conf
You could have service nft restart / stop / start after modifying any parameter of your nftables.conf file.
nft list ruleset
To start the firewall at the start of the router power-up.
Without this well configured file you will not have internet access.