ReceiverM

This is neither necessary nor requested

But a basic functionality would be nice - like blocking IP addresses/ranges or open just a few single ports.

I know that is was available for some of these "old boxes" (e.g. vusolose or dm520).

That's why I am surprised that it doesn't work with such new devices like the multibox.

As you mentioned the SF8008 in the wireguard thread, we may could have a look at this one, cause it looks like it is enabled there.

This is really a pity, because there is even an interesting OpenPLi Addon for it. ( enigma2-plugin-security-firewall.bb / firewall.sh )

In the past iptables were always included, why are these then not further supported?

Especially for not that experienced users an easy understandable and predefined standard protection via iptables would be more helping than harming?

Apparently I have but a heavy stand and the feature will no longer exist

Actually no: I have several (v)LANs and have controlled access/restriction using iptables so far. Just like some routings (masquerade).

What do you have against such a common system (security) feature? Even due to the bad secured system this is a very helpful tool?
My NAS or raspberry, for example, is also only not directly connected to the internet and I also set various access permissions there.

No matter which iptables command I want to execute it always comes up with the same error. Even if I want to create the table 'filter' or just output listings.

I am relatively sure that at least CONFIG_IP_NF_FILTER should be activated?

As it is described ( https://cateee.net/l..._NF_FILTER.html ) with:

"Packet filtering defines a table `filter', which has a series of rules for simple packet filtering at local input, forwarding and local output. See the man page for iptables(8)."

About all the other I am not sure but these looking useful as well

- CONFIG_NF_CONNTRACK for masquerading and NAT translation

- CONFIG_NF_REJECT_IPV4 / CONFIG_NF_REJECT_IPV6 to reject packets

...

Maybe one of the kernel professionals here could take a look at it and send a pull-request to the manufacturer?