Questions about how to use OpenWrt to improve network security and prevent malware

I wonder why my post got flagged; it was just a very normal question about something I don't know. I really do not understand. I just joined the forum and I asked here if I might know if using OpenWrt will help prevent devices on the private VLAN from exceeding some upload speeds and especially I use some games play techloky name on Android. So does OpenWrt help ensure safety and prevent malicious code? I'm not very tech savvy so I hope you guys can help. Asking such questions is a violation. I really don't understand why call me an advertisement when I don't even know what I'm promoting?

@ClarettaDooley - I've taken the liberty of moving your post to a new thread so that you can get more targeted answers to your questions.

I'll give some broad responses, and others may chime in with more details:

Take a look at the various traffic shaping methods (QoS) such as the Cake packages and the like. You can set policies for bandwidth on a per network basis and in some cases (with more complex setups) at the individual host level. This quickly requires more advanced knowledge and configuration skills, but you can get some basic things set up fairly easily with the documentation that is available.

Generally speaking, OpenWrt is considered a secure router from the perspective of preventing bots/hackers on the internet from directly gaining access to your network. However, routing happens at a pretty low level (L3) and really just worries about moving packets of data, not what the data actually is. Malware generally happens at much higher levels, including the L7 application layer (see the OSI model). OpenWrt cannot directly prevent attacks at that level, and often an infected/compromised computer is actually reaching out and establishing a connection with an external command and control server, rather than attacks from outside reaching in.

There are things you can do, though. DNS based solutions are useful for blocking domains that are known to be bad actors. You can also set up IPsets and other IP banning techniques to do similar blocks at IP levels. And you can install intrusion detection packages like Snort -- but be aware that these require massive resources to run -- a typical home router will basically grind to a halt because it won't have the CPU horsepower and RAM to run... for this, you'd need to run on a much higher end device -- x86 for example, or a well equipped ARM based router device. This is also true for other firmware or security/firewall appliances that are evaluating the data for patterns that might be indicative of malware.

The stuff I've mentioned here is likely above your current skill set if you say that you're not very tech savvy... you can learn to do this stuff (plenty of help available on this forum), but installing OpenWrt alone won't give you those extra features and capabilities. However, OpenWrt is likely more secure than the vendor provided firmware you may have on your devices now.
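
The DNS-based blocking mentioned in the reply above, as an added example that is not part of the original thread: a POSIX shell function (assuming `awk` is available, as it is with BusyBox) that turns a hosts-format blocklist into dnsmasq `local=/domain/` rules, so those names are answered locally instead of being forwarded upstream. The function names and the sample list are constructed for illustration; each entry is validated so a malformed list line cannot inject other dnsmasq directives.

```shell
#!/bin/sh
# Added example: hosts-format blocklist -> dnsmasq "local=" rules.
# Function names are hypothetical; the sample data is constructed and uses
# the reserved .example / .invalid names, not real indicators.

# Read hosts-format lines on stdin; print one "local=/domain/" rule per
# unique, syntactically valid domain. Everything else is dropped.
hosts_to_dnsmasq() {
    awk '
    {
        sub(/#.*/, "")                  # strip comments
        sub(/\r$/, "")                  # tolerate CRLF line endings
        if (NF < 2) next                # need "address name ..."
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1") next   # sinkhole entries only
        for (i = 2; i <= NF; i++) {
            d = tolower($i)
            sub(/\.$/, "", d)           # drop a trailing root dot
            if (d == "localhost" || d == "localhost.localdomain") continue
            if (length(d) > 253) continue
            # Strict hostname check: rejects "/", "=", spaces and anything
            # else that could alter the generated dnsmasq configuration.
            if (d !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) continue
            if (!(d in seen)) { seen[d] = 1; print "local=/" d "/" }
        }
    }'
}

# Constructed sample input in hosts format.
sample_blocklist() {
    cat <<'EOF'
# constructed sample, hosts format
127.0.0.1 localhost
0.0.0.0 ads.tracker.example
0.0.0.0 ADS.tracker.example   # duplicate, different case
0.0.0.0 c2.badhost.invalid
0.0.0.0 bad/../name.example
192.0.2.10 printer.lan
EOF
}

sample_blocklist | hosts_to_dnsmasq
```

Write the output to a file that dnsmasq loads through its `conf-file` or `conf-dir` option, then restart dnsmasq for the rules to take effect.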


OpenWrt comes with two major things that matter a lot on a global scale.

  1. A kernel that is alive. It ain’t bullet proof to DDoS bots but if they actually penetrate this kernel in a zero-day exploit, well the interesting news is that the opponent is actually good at what they are doing. And how does the rest of the internet work anyway in those circumstances?

  2. A firewall that works on all ports. That is not necessarily the case on normal home routers as they many times only care about the first 4000 or 8000 ports and leave the rest open.

But as mentioned above, the network equipment doesn’t save you from bad online behavior on the last line of defense in a deep defense setup.

And deep package inspection…, well it sounds cool but most internet traffic as of today is end-to-end TLS traffic anyway so deep package inspection doesn’t say much anyway anymore.


So here is one perspective to keep in mind:
OpenWrt's security, while decent, is neither absolute nor perfect, so make sure to also keep all internal machines as up to date as possible and enable firewalls on all endhosts. Sort of assume that your home-network is an adversarial environment and tread carefully... (OpenWrt's defaults likely will make this assumption untrue, but better safe than sorry).
Also look at your router's logfiles every now and then...


This comes across as if it were an unrelated advertisement for a highly questionable website that appears to be a source for modified versions of other people's APK apps that in all likelihood do very bad stuff (such as spyware, botnets, keystroke logging, who knows what?) stuck in the middle of your post.

TechLoky distributes apps such as TikTok, Soundcloud, Facebook, Tinder, Spotify, etc., but modified versions and that can only be malicious in some way.

That's why it was flagged.