Greetings,
I've got a Linksys EA6350 (v3) and have just spent about 3 hours scouring the website. There's a ton of information up here so if I missed the answer I'm truly sorry. I'm wanting this thing to be more robust in the port forwding/packet filtering arena than it is. Stock, it's pretty lame. I've been a UNIX/Linux/BSD developer for about 24 years and don't have much trouble with nftables, iptables, ipfilter, ipfw etc. to accomplish these things. Sometimes I added tools like fail2ban for DDos attack responses. It seems like I should be able to do all these things with OpenWRT but am not sure.
Again, if I missed this in some of the documents up here, humble apologies for wasted bandwidth.
OpenWrt is a (small) linux distro. The firewall (now FW4) is quite full featured, and you can do generally all the same things you would be able to do on a big distro (save for RAM/storage + processor limitations when running on an embedded/AiO device like a wifi router; those limitations fall away if you're using more powerful devices like recent ARM SBCs or x86).
The firewall can be as basic/coarse or as complex/granular as you wish to make it -- you can craft rules using the higher level UCI syntax or lower level nftables and ipsets methods, depending on the required complexity of any given ruleset and the environment that is most comfortable to you.
fail2ban doesn’t really do anything against DoS/DDoS attacks when you are on the reciving end of the global flood of data filling up your incoming internet line.