I installed the latest FriendlyWRT on my NanoPI R2S (20200707). I was very happy that it was such an easy process to write the image to a micro SD card and get it booted.
A few things along the way made me think this project could be reminded about the Principle of Least Privilege (https://en.wikipedia.org/wiki/Principle ... _privilege)

    Log in to the SBC as root on the WAN port without a password. This is low risk as I connected the WAN port of the R2S to my internal network. Will most people do this?
    Default firewall policy of accept on input chain. This should be Drop. Then add a firewall rule to accept from the LAN interface.

As a default, we really have to focus on 100% for LAN and 0% for WAN. Thank you for a powerful SBC & WRT