Upgrading/installing 24.10.0 bricked the router

So after this issue Firewall traffic rules not working after upgrading to 24.10.0 I downgraded back to 23.05.5 and it resolved the problem.

But I still wanted to find out what is the problem exactly and do more testing so I tried upgrading to 24.10.0 again. And this time after upgrading my router was bricked...
As far as I can tell from the LED status the upgrade was finished successfully but for some reason the router became completely inaccessible after (LuCi, SSH, ping, cable, wifi, etc.). Rebooting/re-plugging the cable didn't help.
It was just a regular sysupgrade like I did many times before. I also verified the firmware hash beforehand so it wasn't corrupted or broken.

Then I debricked the router and tried installing 24.10.0 from stock and... after the upgrade router got bricked again the same way as the first time.

Then I debricked it again and installed 23.05.5 from stock. It was installed smoothly and with no issues.

At this point I'm done with 24.10.0 and don't want to troubleshoot its issues anymore. It's definitely not a stable release (at least for my platform/router). I will stay at 23.05.5 as long as possible or until these problems are confirmed to be resolved.

Just posting this to warn others. Please think twice before upgrading or be ready for a long debugging/debricking session and have enough time to spare (and preferably a backup router for the worst-case scenario).

My device is Xiaomi Mi Router 4A Gigabit Edition

You failed to mention in this "warning" that you altered the underlying firewall behavior to be different than the default OpenWrt environment. It was discussed extensively in the previous thread. Each time it was brought to your attention, you seemed to forget or not understand why you followed or linked a Wiki page describing the alterations.

It's cool that you've read the previous thread.
But I suppose you haven't read this thread further that the 2nd paragraph.

You may refuse to admit that there is something wrong with 24.10.0 and keep blaming my changes that are so bad that they keep breaking things even on clean installation after wiping the firmware and debricking

Sure, I won't argue. Just wanted to share my experience and warn others.
Looking forward to other reports where 24.10.0 caused problems

So you agree you made non-UCI changes?

I do agree there's been a number of reports for 24.10.0. Some have been PHY, network, firewall, etc. One user noted that a port simply doesn't work (but they were banned soon after for cursing and becoming irate when asking them for logs, etc.).

Lastly, it's still unclear why you made those changes - and as a lot of posters do, they simply refuse to explain. I would ask if the Wiki should simply be deleted, but I think that point is missed as well (i.e. we think you're running arbitrary firewall scripts from the WIki, then complaining 24.10.0 doesn't work).

I did read - but it's unclear what steps you took after you did so to cause the subsequent soft brick.

Not trying to argue, but discussion while in confusion - at why people keep saying there's issues with 24.10.0 - then refuse to help anyone with the power to assist.

I did that in the past, it never helped me.

I didn't deny it and explicitly mentioned in the previous thread what change exactly I've made. This is the script for reordering firewall rules.
I haven't made any other non-UCI changes except of this one.

I have mentioned this in the previous thread too. In order to handle the established connections and apply time restrictions correctly.

Yet, I still don't see how it might cause bricking on a clean installation.

Maybe because the issue is in the firmware itself?
And people keep blaming my change instead.
Well, naturally I will revert to one that works and keep using it instead.

• But those changes are unnecessary
• You never showed us the time firewall rules for these "restrictions" - you merely mentioned them
• You don't explain why the WIki script was applied - and we donno and can't guess

First of all, as ever,

The Xiaomi 4A Gigabit is not exactly an obscure device, it's a fairly popular OpenWrt target. As such, one would expect that your experience is not an isolated one. However, I can't see other reports of Xiaomi 4A owners that 24.10 bricked their device.

This inevitably brings up the question: Is your particular device special or is your process?

In the interest of furthering the community it would be helpful if you didn't just leave a drive-by dump in the forum, but remained available to the devs to actually pinpoint and remedy the problem.

I assigned it out of respect and courtesy to the OP.

I'll remove it to encourage hearty (and nice-healthy) discussion.

Edit -

BTW - The issue was explained and a suggested solution for 24.10.0 was provided:

It was explained:

This caused confusion - because you had already re-arraigned your rules by running an arbitrary script.

I feel like we are going in circles here.
I'll summarize the previous thread one last time (which is still not related to bricking on a clean installation though):

The rule itself is in the very first message of the previous thread.

That's literally what the Wiki says:

to enforce time restrictions for already established connections.

See Wiki quote. I don't know why you are saying it's unnecessary but without it the rule didn't apply for the connections that are already established.

Except of that, I haven't made any manual non-UCI changes.
Which anyways is not related to a clean installation.

Exactly the same steps I that are described in the device's Wiki page and that I did many times before.

I think that several brickings with clean installation of 24.10.0 are indicative of something wrong with it. Then I repeated exactly the same process with 23.05.5 and it was installed properly on the first attempt.

FWIW, I recently upgraded such a device (preserving the settings) from 23.05.5 to 24.10.0 without any problems.

root@Xiaomi:~# ubus call system board
{
        "kernel": "6.6.73",
        "hostname": "Xiaomi",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "Xiaomi Mi Router 4A Gigabit Edition",
        "board_name": "xiaomi,mi-router-4a-gigabit",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.0",
                "revision": "r28427-6df0e3d02a",
                "target": "ramips/mt7621",
                "description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
                "builddate": "1738624177"
        }
}

I also upgraded it fine for the first time about a week ago (see the previous thread).
But I run into some issues so I reverted back to 23.05.5.

Yesterday I wanted to debug them more closely so I tried upgrading to 24.10.0 again which caused bricking this time. And I couldn't even do a fresh installation of 24.10.0 after debricking.

@ichaban without discarting any problem in 24.10.0 (I have performance problems with DAP-2610, an ipq40xx device) could it be some kind of bad flash/error while flashing?

I followed the upgrade/install procedure closely and verified the firmware hash in every case. Both times (upgrade and fresh install) 24.10.0 has bricked the router.
Even though the week before I upgraded successfully.

There must be some kind of bad flash/error while flashing but how to know what exactly?
And why it happens to 24.10.0 only while 23.05.5 was installed with no problems?

Do you have serial port access to the device?

No, I don't, unfortunately.

Last time you debricked, was it by tftp?
Can you confirm which files you used, I have four of these sitting around, two converted, two still boxed.

I debricked it using the Hoddys Guide “Xiaomi 4A GIG Debrick Tool (English)” link.
Then I used https://downloads.openwrt.org/releases/24.10.0/targets/ramips/mt7621/openwrt-24.10.0-ramips-mt7621-xiaomi_mi-router-4a-gigabit-squashfs-sysupgrade.bin firmware for clean install (the guide specifically says that squashfs-sysupgrade.bin image should be used for the first installation).

When it got bricked I debricked it again using the same guide and installed https://downloads.openwrt.org/releases/23.05.5/targets/ramips/mt7621/openwrt-23.05.5-ramips-mt7621-xiaomi_mi-router-4a-gigabit-squashfs-sysupgrade.bin with no issues.

If you are comfortable debricking, could you try an auc attended sysupgrade to 24.10?
This would keep all of your 23.05 changes in place and do an attended sysupgrade to 24.10, which should resolve your issue.

I'm asking about the time restriction you mentioned. It says nothing about the time.

I read the Wiki - but you didn't post a time-based firewall rule.

Additionally the Wiki was written before 24.10.0. Perhaps we all failed to highlight this and the issue with your script. That is why I mentioned the possibility of deleting the information.

So where is your time-based rule?

I may be missing the issue and reason for your scrpit altogether. My apologies.

I hope you solve your separate bricking issue.

I am sorry to hear you bricked your router.

About the script it is stated by me that the script needs to be adapted for 24.10 as the syntax in fw4 is slightly altered.
As also remarked by @brada4

Edit: not tested but something like this, replace:

ER_RULE="$(nft -a list chain inet fw4 forward \
| sed -n -e "/\sestablished,related\saccept\s/p")"

with:

ER_RULE="$(nft -a list chain inet fw4 forward | grep "established")"