Rob Brewer's Firewall and QoS Scripts for OpenWRT

These scripts are started at bootup in sequence and replace the stock firewall script used by OpenWRT. I use my /etc/modules file to load all the needed modules now, which is why I commented out the insmod lines in these scripts.


Please use caution when applying these scripts to your own router. If you mess up your firewall configuration at boot time, you may not be able to access your router to correct the problem, and you may be forced to reinstall OpenWRT via tftp. To help prevent that, I recommend testing these scripts by running them manually on your router a few times. That way, if you lock yourself out, you can power cycle the router and be back to a known state. Once they are working, put them in your /etc/init.d directory to run them at boot time.

Configuration Details

My home setup is a cable modem with a WRT54GS 1.1 router running OpenWRT's experimental build from 2005-04-23. My only open port to the WAN is ssh, which is forwarded to my server box behind the router. I also have a VoIP adapter (from Sunrocket) and a few other computers on the network.

My ping time to the cable provider is around 20 ms when the link is idle. Without the QoS script, when downloading a large file via TCP the downlink is saturated and my ping times jump to over 1000 ms. Similarly, when doing a large upload my ping times jump to an unacceptable level. My VoIP adapter can be placed in front of the router, and it claims to do QoS. However, it blocks all incoming ports, and seems to limit my downlink rate for TCP to 1 Mbps always. That is silly when I'm paying for over 4 Mbps from my cable provider.

I have tested the QoS script, and found that my ping time stayed around 20 ms when doing a simultaneous upload and download (using TCP in both directions). The TCP sessions were achieving over 300 kbps upload and 4000 kbps download. I did see one hiccup where the ping time was 250 ms. This should still be acceptable for my VoIP service, but I will need to perform more testing to be sure.

OpenWRT Bugs

While writing and testing these scripts, I have found that my router sometimes hangs if I try to change the QoS settings on the fly too much. I don't know what is happening, but it seems to work fine if I boot it and the script runs once and doesn't change thereafter. Just a note of caution for tinkering.


I'm open to comments and suggestions about the scripts. My email address is