Note that I install unbound-daemon-heavy; you can choose whichever version of unbound you want.
Now compile.
make image PROFILE="router model"
Update the firmware on your router.
IMPORTANT NOTE:
You cannot access the router after the flash unless you configure a fixed IP in your DHCP client, for example:
192.168.1.40
255.255.255.255
gateway 192.168.1.1
Now you have access to the router.
I didn't have access because odhcpd is not configured yet.
When you access the router for the first time, you will have to configure at least odhcpd, unbound and nft. To configure them, follow this link and search for "Unbound and odhcpd".
You can configure the wifi and the dropbear server so that you can connect via ssh and upload your nftables.conf. Then add this line to rc.local:
/usr/sbin/nft -f /etc/nftables.conf
Alternatively, upload the following init script by ssh to /etc/init.d/nft:
#!/bin/sh /etc/rc.common
# procd init script: loads the nftables ruleset at boot

START=90
USE_PROCD=1

CONF=/etc/nftables.conf
DESC="firewall service"
NAME=nftables
BIN=/usr/sbin/nft

start_service() {
    # Return
    # 0 if start OK
    # 2 if start NOK
    if [ ! -r "$CONF" ] ; then
        # Log first: nothing placed after "return" would run
        logger -st "$NAME" "$DESC" "Error: No such config file $CONF"
        return 2
    fi
    procd_open_instance
    procd_set_param command "$BIN" -f "$CONF"
    # Re-run on "reload" when the config file has changed
    procd_set_param file "$CONF"
    procd_close_instance
}

stop_service() {
    "$BIN" flush ruleset
    logger -st "$NAME" "$DESC" "stopped and ruleset flushed"
}

boot() {
    start
}
The script needs execute permission. Set it, then enable the service:
chmod +x /etc/init.d/nft
service nft enable
Remove this line from rc.local: /usr/sbin/nft -f /etc/nftables.conf
After modifying any parameter in your nftables.conf file, you can run service nft restart / stop / start. To see the loaded ruleset:
nft list ruleset
Enabling the service starts the firewall when the router powers up.
Without a well-configured nftables.conf file you will not have internet access.
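
Because a bad nftables.conf cuts off internet access (and possibly your ssh session), it helps to test a new file before it replaces /etc/nftables.conf. The script below is an added example, not part of the original post: it checks a candidate file with nft -c, loads it, and restores the previous ruleset unless you confirm from a new ssh session. The function name apply_ruleset and the marker file /tmp/nft.confirm are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post: test a candidate ruleset before
# it replaces /etc/nftables.conf, and roll back if it is not confirmed.
NFT="${NFT:-/usr/sbin/nft}"            # same binary as the init script
CONF="${CONF:-/etc/nftables.conf}"     # same path as the init script
CONFIRM="${CONFIRM:-/tmp/nft.confirm}" # hypothetical marker file (assumption)

# apply_ruleset CANDIDATE [SECONDS]
# Returns 0 = installed, 1 = rejected (nothing changed), 2 = rolled back.
apply_ruleset() {
    cand="$1"; wait_s="${2:-60}"
    [ -r "$cand" ] || { echo "cannot read $cand" >&2; return 1; }
    new="$(mktemp)" && old="$(mktemp)" || return 1
    # Prefix "flush ruleset" so each load replaces the ruleset in one transaction.
    { echo "flush ruleset"; cat "$cand"; } > "$new"
    { echo "flush ruleset"; "$NFT" list ruleset; } > "$old"
    # -c only parses and validates; the running ruleset is untouched.
    if ! "$NFT" -c -f "$new"; then
        echo "check failed, running ruleset unchanged" >&2
        rm -f "$new" "$old"; return 1
    fi
    rc=2
    rm -f "$CONFIRM"
    if "$NFT" -f "$new"; then
        echo "loaded; run 'touch $CONFIRM' from a NEW ssh session within ${wait_s}s" >&2
        i=0
        while [ "$i" -lt "$wait_s" ]; do
            [ -e "$CONFIRM" ] && { rc=0; break; }
            sleep 1; i=$((i + 1))
        done
    fi
    if [ "$rc" -eq 0 ]; then
        cp "$cand" "$CONF"      # keep it for the next boot / service restart
    else
        "$NFT" -f "$old"        # restore the ruleset that was running before
        echo "not confirmed, previous ruleset restored" >&2
    fi
    rm -f "$new" "$old" "$CONFIRM"
    return "$rc"
}
```

Source the file and call apply_ruleset /tmp/nftables.conf.new 60 over ssh; being able to open a second session to touch the marker file is itself the proof that the new rules still let you in.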