Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Gargoyle 1.15.x nftables is an EXPERIMENTAL BETA switching Gargoyle from firewall3 (iptables) to firewall4 (nftables). This is a large rewrite of significant portions of the Gargoyle firewall infrastructure and is therefore prone to bugs being introduced.
Please keep in mind that while I need your feedback, I cannot guarantee this as a stable release, and it should only be tested by the adventurous and/or those who are willing to troubleshoot and/or rollback to a previous firmware.
The fantastic news is that this release is 100% configuration compatible with the 1.15.x releases in this thread, so you can move back and forth between them as you wish.
This work is a stepping stone to then move to OpenWrt 24.10 based builds, so it is important to get this right and get it finalised.
Configs should generally not be preserved between 1.14 (and earlier) and 1.15.x. Do so at your own risk.
Please provide your feedback (positive or negative). If you do think you've found a problem it would be incredibly helpful if you also verified that the problem did not exist on the firewall3 1.15.x builds. I'm happy to fix bugs that also existed there, but will be focusing on regressions first.
"BETA - 2025-05-13" Notable changes:
- Switched Gargoyle to nftables
Known Issues
- nfs-kernel-server will not work due to a missing config file
- Email notifications may display no content in some mail clients
Downloads
Please find the downloads here
The plugin repositories are also found in the same location.
Blog Post
Click here to read this article on Tales from @Lantis
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
As a vote of confidence, I've been running this build on my main router at home for several days without incident.
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Same, testing for a few days on Archer C7 V2, no problems.
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Hi Lantis
Can you add Xiaomi Router AX3200 to the gargoyle branch since it is a cheap and effective router. Thanks a lot.
https://openwrt.org/toh/xiaomi/ax3200
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
behappy wrote: Wed Jun 04, 2025 10:33 am
> Hi Lantis
> Can you add Xiaomi Router AX3200 to the gargoyle branch since it is a cheap and effective router. Thanks a lot.
> https://openwrt.org/toh/xiaomi/ax3200
Have you built it yourself and verified it works?
The wiki page has more warnings than a bag of fertiliser. It looks like a device that is very difficult to get right as an end user.
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Hi Lantis,
Is this ready to build or are you planning more commits in the near future?
Cheers
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
No immediate changes, I’ve merged this work into the master branch.
I am aware of one issue (which was already a problem) with QoS and saving connection marks. Apparently it is fixed in kernel 6.13 which I will attempt to backport at some point.
There are a couple of fixes to WireGuard and Samba which are missing from this build. There’s also a reported issue with mvebu devices which I’m working on tonight.
I will probably provide a new build in the coming days that addresses these. It is likely to be the last build based on OpenWrt 23.05.
My next works (started as well) are getting us up to date with OpenWrt 24.10.
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
OK, cool. I do use QoS but only to put non-static IPs into the slow class and haven't had any problems with it, the rest doesn't apply to my builds. I will try a build tonight or tomorrow from Master for my Netgear R8000 and test it out for a while.
Thanks
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
Device Name: Gargoyle
Gargoyle Version: 1.15.X (Built 20250614-1644 git@b9d08479)
Model: Netgear R8000 (BCM4709)
Device Configuration: Gateway
Memory Usage: 44.2MB / 244.6MB (18%)
Did a lite build, preserved settings and flashed without any problems other than getting logged out every 10 seconds but a reboot sorted that.
It's only been three days but have had no issues at all. I'm using QoS and quotas and everything seems the same using nftables. The system logs are basically the same although I haven't seen any firewall restarts which I was getting before.
Thanks
Re: Gargoyle 1.15.x nftables EXPERIMENTAL BETA - 2025-05-13
I'm getting these errors in my logs when saving changes to Restrictions, Quotas or QoS.
Cheers
Thu Jun 19 07:42:14 2025 daemon.err uhttpd[2209]: Error: syntax error, unexpected '}'
Thu Jun 19 07:42:14 2025 daemon.err uhttpd[2209]: add rule inet fw4 mangle_qos_egress_bw ip6 saddr {} ct mark set ct mark & 0xF0FFFFFF | 0x0F000000
Thu Jun 19 07:42:14 2025 daemon.err uhttpd[2209]: ^
Thu Jun 19 07:42:14 2025 daemon.err uhttpd[2209]: Error: syntax error, unexpected '}'
Thu Jun 19 07:42:14 2025 daemon.err uhttpd[2209]: add rule inet fw4 qos_ingress_bw ip6 daddr {} ct mark set ct mark & 0xF0FFFFFF | 0x0F000000
Thu Jun 19 07:42:14 2025 daemon.err uhttpd[2209]: ^
Thu Jun 19 07:42:16 2025 daemon.err uhttpd[2209]: Error: syntax error, unexpected '}'
Thu Jun 19 07:42:16 2025 daemon.err uhttpd[2209]: add rule inet fw4 mangle_qos_egress_bw ip6 saddr {} ct mark set ct mark & 0xF0FFFFFF | 0x0F000000
Thu Jun 19 07:42:16 2025 daemon.err uhttpd[2209]: ^
Thu Jun 19 07:42:16 2025 daemon.err uhttpd[2209]: Error: syntax error, unexpected '}'
Thu Jun 19 07:42:16 2025 daemon.err uhttpd[2209]: add rule inet fw4 qos_ingress_bw ip6 daddr {} ct mark set ct mark & 0xF0FFFFFF | 0x0F000000
Thu Jun 19 07:42:16 2025 daemon.err uhttpd[2209]:
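The rejected commands in the log above carry an empty set (`ip6 saddr {}`, `ip6 daddr {}`). The following is an added example, not Gargoyle's code and not part of any post in this thread: a rule generator that splits a class's address list by family and emits no rule for a family with no members. The function names and the sample addresses are assumptions made up for the illustration; the rule text mirrors the form shown in the log.

```shell
#!/bin/sh
# Added illustration; not Gargoyle's code. Function names and sample
# addresses are constructed for this example.

# Print the members of the space-separated list "$2" that belong to
# family "$1" (ip or ip6), joined with ", ". An address containing ':'
# is treated as IPv6, anything else as IPv4.
filter_family() {
    want=$1
    out=""
    for a in $2; do
        case "$a" in
            *:*) f=ip6 ;;
            *)   f=ip ;;
        esac
        if [ "$f" = "$want" ]; then
            out="${out:+$out, }$a"
        fi
    done
    printf '%s' "$out"
}

# Print the conntrack-mark rule for one chain/direction/family, or print
# nothing when the class has no addresses in that family.
mark_rule() {
    chain=$1; dir=$2; fam=$3; addrs=$4; mask=$5; mark=$6
    members=$(filter_family "$fam" "$addrs")
    if [ -z "$members" ]; then
        return 0   # skip: an empty "{}" is what produced the syntax error
    fi
    printf 'add rule inet fw4 %s %s %s { %s } ct mark set ct mark & %s | %s\n' \
        "$chain" "$fam" "$dir" "$members" "$mask" "$mark"
}

# Constructed sample: a QoS class that only has IPv4 members.
demo() {
    addrs="192.168.1.50 192.168.1.51"
    for family in ip ip6; do
        mark_rule mangle_qos_egress_bw saddr "$family" "$addrs" 0xF0FFFFFF 0x0F000000
    done
}

demo
```

With the sample class, only the `ip saddr` rule is printed; the `ip6` pass produces no output instead of a rule with `{}`.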