Gargoyle 1.15.x nftables is an EXPERIMENTAL BETA switching Gargoyle from firewall3 (iptables) to firewall4 (nftables). This is a large rewrite of significant portions of the Gargoyle firewall infrastructure and is therefore prone to bugs being introduced.
Please keep in mind that while I need your feedback, I cannot guarantee this as a stable release, and should only be tested by the adventurous and/or those who are willing to troubleshoot and/or rollback to a previous firmware.
The fantastic news is that this release is 100% configuration compatible with the 1.15.x releases in this thread, so you can move back and forth between them as you wish.
This work is a stepping stone to then move to OpenWrt 24.10 based builds, so it is important to get this right and get it finalised.
Configs should generally not be preserved between 1.14 (and earlier) and 1.15.x. Do so at your own risk.
Please provide your feedback (positive or negative). If you do think you've found a problem it would be incredibly helpful if you also verified that the problem did not exist on the firewall3 1.15.x builds. I'm happy to fix bugs that also existed there, but will be focusing on regressions first.
"BETA - 2025-05-13" Notable changes:
- Switched Gargoyle to nftables
Known Issues
- nfs-kernel-server will not work due to a missing config file
- Email notifications may display no content in some mail clients
Downloads
Please find the downloads here
The plugin repositories are also found in the same location.
Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Moderator: Moderators
Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
As a vote of confidence, I've been running this build on my main router at home for several days without incident.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Same, testing since a few days on Archer C7 V2, no problems.
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Hi Lantis
Can you add Xiaomi Router AX3200 to the gargoyle branch since it is a cheap and effective router. Thanks a lot.
https://openwrt.org/toh/xiaomi/ax3200
Can you add Xiaomi Router AX3200 to the gargoyle branch since it is a cheap and effective router. Thanks a lot.
https://openwrt.org/toh/xiaomi/ax3200
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Have you built it yourself and verified it works?behappy wrote: ↑Wed Jun 04, 2025 10:33 amHi Lantis
Can you add Xiaomi Router AX3200 to the gargoyle branch since it is a cheap and effective router. Thanks a lot.
https://openwrt.org/toh/xiaomi/ax3200
The wiki page has more warnings than a bag of fertiliser. It looks like a device that is very difficult to get right as an end user.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Hi Lantis,
Is this ready to build or are you planning more commits in the near future?
Cheers
Is this ready to build or are you planning more commits in the near future?
Cheers
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
No immediate changes, I’ve merged this work into the master branch.
I am aware of one issue (which was already a problem) with QoS and saving connection marks. Apparently it is fixed in kernel 6.13 which I will attempt to backport at some point.
There are a couple of fixes to WireGuard and Samba which are missing from this build. There’s also a reported issue with mvebu devices which I’m working on tonight.
I will probably provide a new build in the coming days that addresses these. It is likely to be the last build based on OpenWrt 23.05.
My next works (started as well) are getting us up to date with OpenWrt 24.10.
I am aware of one issue (which was already a problem) with QoS and saving connection marks. Apparently it is fixed in kernel 6.13 which I will attempt to backport at some point.
There are a couple of fixes to WireGuard and Samba which are missing from this build. There’s also a reported issue with mvebu devices which I’m working on tonight.
I will probably provide a new build in the coming days that addresses these. It is likely to be the last build based on OpenWrt 23.05.
My next works (started as well) are getting us up to date with OpenWrt 24.10.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
OK, cool. I do use QoS but only to put non static ip's into the slow class and haven't had any problems with it, the rest doesn't apply to my builds. I Will try a build tonight or tomorrow from Master for my Netgear R8000 and test it out for a while.
Thanks
Thanks