Can iptables be updated to a newer version in Asuswrt-Merlin ?

[Denna]

Asuswrt-Merlin 380.66_alpha3 uses iptables version 1.4.14 which is almost five years old.

Is it possible to update to version 1.6 ?

 

[RMerlin]

Most likely not, as it would break compatibility with a lot of things, assuming it would even support the kernel used by the firmware. It would be a waste of time as there is no real reason to even try to, and too risky as well.

 

[Denna]

@RMerlin ,

Thanks for the reply.

I was having a problem with the "-j SET" target and thought it might be due to the version of iptables. @redhat27 sorted it out by writing a script to load the SET extension.

Is it normal for a router to use five year old software to build a firewall ?

I saw that Entware-NG had iptables version 1.4.21 for download. If that version wouldn't work, how would you know it was causing a problem if the rules successfully loaded, dropped, accepted, etc. ?​

 

[RMerlin]

Is it normal for a router to use five year old software to build a firewall ?

Yes, because upgrading internal components carries a high risk of breaking something else. That would require much longer development cycles. The common way of handling things is to backport important fixes, rather than upgrade the whole thing, and break a lot of stuff.

Iptables is generally only updated to match the kernel, as the two are closely tied. Kernels are very rarely updated in embedded devices (look at Android phones for an example - when Google updates the Android version on a Nexus device, they don't update the kernel version).