dd-wrt permite o uso de iptables. Você pode inserir comandos de firewall na GUI dd-wrt em: Administração- > Comandos- > [insira comandos na caixa de texto- > Salve o Firewall.
Eu roubei, desculpe-me, cite, o seguinte no wiki do dd-wrt :
Suppose I might want to add a rule so that I can ssh into my router from a specific host/address outside. Then I might type the following:
iptables -A INPUT -p tcp -s 150.100.whatever.something --dport 22 -j logaccept
So I am saying: Append to the INPUT chain a rule allowing protocol tcp, with a source address of traffic destined for port 22 on my router, jump to logaccept. I could have used -j ACCEPT which simply jumps to ACCEPT, but in this case I want to log it just to keep track so I use logaccept, which is a chain we have set up for this purpose.
Note: Simply adding a rule to the INPUT chain may be enough to allow remote SSH access from the WAN. However, if your router is still in NAT/Gateway mode and you wish to remap the SSH port to something less traditional on the WAN side (say port 2222), you may Insert a PREROUTING rule instead. This is actually how the GUI does it when you enable remote WAN SSH management.
iptables -A INPUT -p tcp -m tcp -d 'nvram get lan_ipaddr' --dport 22 -j logaccept
iptables -t nat -A PREROUTING -p tcp -m tcp -d 'nvram get wan_ipaddr' --dport 2222 -j DNAT --to-destination 'nvram get lan_ipaddr':22