For anyone who prefers a more minimalist approach to managing ip[6]tables rules, I have created a simple init script, which can be found at https://github.com/ipilcher/openwrt-iptables.
Note that the provided configuration files enable only ssh. (IP forwarding and NAT are both disabled.)
Enjoy!
Nice.
Just out if curiosity whats your preference for raw iptables over fw3 (and the various uci config scripts)?
It's a combination of a couple of things.
Simplicity - I use my OpenWRT device as a wireless access point only. It's basically a layer-2 device; layer-3 is used only for administrative access. Thus, I don't need the majority of the functionality that the standard tools provide.
Familiarity - I've been using iptables and ip6tables "directly" for almost 20 years now on Red Hat/CentOS/Fedora distros. (I haven't migrated any of my systems to firewalld.) Since I only need a very simple setup (see point #1), I prefer to use the same tooling that I use on all of my other systems.