Openwrt is good as perimeter router, to protect against bugs

ccchan · September 1, 2020, 1:23pm

Just found from cvedetails that openwrt only got handful of bugs each year and usually got patched.
Last week I still use a TP1ink C2, which have a large hole before wannacry (2017), and
Still no update after wannacry! Even another D1ink 842, there are updates but
Seems don’t address the large hole. (both are code execution holes!)

So my opinion is openwrt good as outer router.

But I will still use an inner router, because that old buggy TP1ink C2 got MUCH
Better parental control. You can go see in TP1ink's website, the emulator.
It let you choose device(by mac/ip), target site(by url/ip), schedule time PLAN,
And then choose combination. Openwrt only choose device(mac/ip), target (by ip, no URL), exact time slot, And need enter all again for each entry. Openwrt can block URL by adblock but NO timing can be chosen.

Many people are against "double NAT", so far I am ok with it. And
Indeed I hope it provide further security to my PC.

thanks

trendy · September 1, 2020, 2:28pm

Not true.

geminis3 · September 1, 2020, 2:38pm

TP-LINK firmware is based on a very old version of OpenWRT so it's better to use the latest OpenWRT of you want to protect the router from known exploits.

ccchan · September 1, 2020, 2:50pm

but your method is like "block URL".
and cant set "block URL at a specific time range".

it's better than using adblock to block URL, as adblock will block for ALL device.

trendy · September 1, 2020, 2:55pm

You can combine the block URL with time schedule.

ccchan · September 1, 2020, 3:15pm

pls show me,

using tp1ink, i just click click click is ok.

on openwrt, it really is not easy.

ps I grad-ed from university already, but a layman, not in IT

trendy · September 1, 2020, 3:23pm

Visit the previous link I posted and create the rules with the url ipsets.
Then visit this link and append to the rule the time limit.

ccchan · September 1, 2020, 3:45pm

let me digest and reply within a week or so, thanks
hope it works.

ccchan · September 1, 2020, 5:17pm

unless those 2 pages are made into a GUI (even it's a webpage for clicking).
that's too much to "type" for a layman.

vgaetera · September 1, 2020, 7:32pm

You can just copy-paste the whole code block.

ccchan · September 1, 2020, 8:39pm

tp1ink c2 use this way:

choose device by mac/ip
choose target by url/ip
choose a timetable

then allow you make rules base on above. (allow/deny).

I really dont think that table is as easy as tp1link's.
the table is not easy to understand.