I first upgraded and then wiped and factory installed v22.03 for the MyBookLive onto a test device and found it was still using the iptables Firewall 3 in both cases. I tried to install FW4 using opkg but this produced errors. I eventually removed FW3 and got FW4 in place after some trial and error.
Looking at the config.buildinfo for this device on the v22.03 release page, it still has FW3 selected and not FW4. This somewhat defeats the primary objective of V22.03 in moving to nftables with FW4.
Could the maintainer please update this device to FW4?
Yes, looks like uci-firewall defaults to firewall over firewall4.
As for how this all comes together: @hurricos rightly stated the MyBook Live uses the DEVICE_TYPE := nas, but the patch that "switched" the build to use firewall4 just set it on the DEVICE_TYPE := router.
The "NAS" target doesn't include any firewall package. In case of the MyBook Live (and maybe other older NAS with a single core) a running firewall slows samba/nfs/sftp/rsync/9p/ftp down. It would be great if luci could be installed without luci-app-firewall.
The official V21 & V22 release builds for the MyBookLive contain the firewall(3) packages and this can be seen in the buildinfo.config files. Are the release build configurations defined separately from the Git source tree? It is unclear how the release images end up including FW3.
I use a firewall on the NAS even though it is only directly accessible from within my home LAN, as I subscribe to the "defence-in-depth" approach to security, i.e. never rely on a single mechanism to protect important data. It also allows me to block guests (family / friends) who are visiting and who inevitably start with "Hello, btw what's the wi-fi password?"