Alternative to openwrt firewall?

with all the fancy of the Omina router the openwrt firewall (implementation) appears rather basic and something barebone in comparison.

Maybe I am bit spoiled using pfsense and csf firewalls in other places but cannot help to find the openwrt firewall somewhat lacking and uninspiring in features, modularity, scalability and usability.

Are there any firewall alternatives for the Omina, as opposed to having to route through a firewall residing inside a container installation? Latter I would consider neither a robust nor a desirable workaround.

Untangle looks interesting, anyone having tried it?


What exactly it is lacking? Are you using it for home or office use?

I did not tried Untangle but you could try to run FreeBSD on Omnia and if it works put pfSense on it.

  • ipset Integration for handling black/white/ciidr/country lists
  • black/white list import/roll over automation
  • temporary/permanent black/white listing rules
  • log flood protection rules
  • email alerting/reporting
  • geoip integration

Seeing the data from other sites it does not seem to matter anymore whether the exposure to the web is commercial or private.

i suppose you’d get some of this if opt-in for data collection and stuff.

but yes, the default does only provide the minimum of what is needed :wink:


  • *bsd will not run on the omnia.
  • you can have debian, suse, untangle and openwrt besides turris-os

Untangle seems to be debian kernel based.

pfsense managed their tailored freebsd kernel for the arm architecture and in another forum thread someone offered to port it for the Omnia, but seems that has no led to such development.

yea, that “someone” is pfsense lead-dev and from the looks he abandoned the idea for lack of engagement and/or now sells similar hardware by himself.

I use Untangle but on my old x86-64 board and yes - it is debian.
There are images on download page of Untangle directly for Linksys WRT 1900ACS and Turris Omnia
and Wiki

To undestand differences between mature and Omnia version of UTM see where it is explained.
It’s mostly about RAM limitation. So IPS (Suricata), Squid, ClamAV etc. won’t be probably working.
And I’m not sure if you have to pay not to have “lite” versions of appcontrol, web filter, SSL inspector etc.

Anyway if you will try please let me know I’m very interested.

Too bad, it looks like an opportunity missed really

Reckon the omnia board is from Compex and thus their own branded CompexWRT should be working too, not that it makes any difference on the firewall though

I probably will, considering that open/turris os feels a bit incomplete and pacakage maintainance not up to speed.

@blbeczech82 decided against untangle for privacy concerns such as counting the network clients and subsequent feature throttling. Whilst I can appreciate their business model it is a no go for me.