Changing TTL in OpenWrt 22.03

As OpenWrt 22.03 uses nftables to replace iptables, the original ttl command is not working.

Here is how to change ttl for all outgoing interfaces to 65.

SSH to the router and use the following

mkdir -p /usr/share/nftables.d/chain-pre/mangle_postrouting/
echo "ip ttl set 65" > /usr/share/nftables.d/chain-pre/mangle_postrouting/01-set-ttl.nft
fw4 reload

These commands work, but after rebooting the device the TTL goes back to the original. Is there any additional command that can keep the TTL settings? Like loading that nft file automatically on reboot.

Try putting the commands to run when the router boots up via LuCI → System → Startup → Local Startup.

I do not work for and I am not directly associated with GL.iNet

Are we using NF tables now?

As of 22.03, yup… by the fw4 userland, it looks:

When you say put the commands in startup, do you mean the 'mkdir -p /user/share/…' lines above?

Not quite. Once you’re done making the directory, execute that command line beginning with echo. Then reload by the fw4 command to have the new firewall changes take effect.

This setting won’t survive a reboot/power cycle though. To do that, add that same echo command line to the Local Startup page @wcs2228 mentioned as the last line before exit 0. Do the same again for fw4 reload immed. before exit 0. Don’t forget to hit the save button(s), of course.


I used the above code and you can see below what I got back from the router. Did it work or no?? Should the code be changed?? A novice at all this…



text of my ssh into router

OpenWrt 22.03.4, r20123-38ccc47687

root@GL-MT1300:~# mkdir -p /usr/share/nftables.d/chain-pre/mangle_postrouting/
root@GL-MT1300:~# echo "ip ttl set 65" > /usr/share/nftables.d/chain-pre/mangle_
root@GL-MT1300:~# fw4 reload

Section block_dns (block_dns) is disabled, ignoring section
Section gls2s option 'reload' is not supported by fw4
Section gls2s specifies unreachable path '/var/etc/gls2s.include', ignoring section
Section glblock option 'reload' is not supported by fw4
Section vpn_server_policy option 'reload' is not supported by fw4
Automatically including '/usr/share/nftables.d/chain-pre/mangle_output/01-process_mark.nft'
Automatically including '/usr/share/nftables.d/chain-pre/mangle_postrouting/01-set-ttl.nft'

DROP all opt -- in * out * -> match-set GL_MAC_BLOCK src

Log into SSH and run the ping localhost or ping (router IP address) command. Does the output show ttl=65?


Yes, it is ttl=65, so good to go?? Thanks for the assist.


Should be good to go.

As an extra test, you can use the same command to set ttl to 64 and then ping should show ttl=64.

So the above code does work. Also added this: Configuring SQM to reduce Bufferbloat, to get flawless IPTV streaming!!


No need to SSH into the router. I really like using this in Advanced Settings, System, Startup, Local Startup tab… insert 3 or 2 lines of the above code; line one is only run once, then add # before it to stop execution.
Line 1 mkdir -p /usr/share/nftables.d/chain-pre/mangle_postrouting/
Line 2 echo "ip ttl set 88" > /usr/share/nftables.d/chain-pre/mangle_
Line 3 fw4 reload
Reboot the router
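
An idempotent form of the Local Startup steps and the ping check discussed in this thread, added here as an example and not written by any poster. The function names and the ROOT prefix parameter are hypothetical; the directory and file name are the ones shown in the fw4 reload output above.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent form of the Local Startup lines.
# Directory and file name are the ones shown in the thread's fw4 reload output.
NFT_DIR="usr/share/nftables.d/chain-pre/mangle_postrouting"
NFT_FILE="01-set-ttl.nft"
# Constructed sample of a BusyBox ping reply line, for ttl_from_ping below.
SAMPLE_PING="64 bytes from 127.0.0.1: seq=0 ttl=65 time=0.105 ms"

# install_ttl_rule TTL [ROOT]
# ROOT is a hypothetical prefix (default /) so the function can be tried in a
# scratch directory. Prints "written" or "unchanged"; returns 2 on a bad TTL.
install_ttl_rule() {
    ttl="$1"; root="${2:-/}"
    case "$ttl" in
        # Reject empty, non-numeric, zero or zero-padded, and 4+ digit values.
        ''|*[!0-9]*|0*|????*) echo "invalid ttl: $ttl" >&2; return 2 ;;
    esac
    if [ "$ttl" -gt 255 ]; then
        echo "ttl out of range (1-255): $ttl" >&2; return 2
    fi
    dir="${root%/}/$NFT_DIR"
    rule="ip ttl set $ttl"
    mkdir -p "$dir" || return 1
    if [ -f "$dir/$NFT_FILE" ] && [ "$(cat "$dir/$NFT_FILE")" = "$rule" ]; then
        echo unchanged; return 0
    fi
    # Write to a temporary name and rename into place, so the .nft file is
    # never seen half-written.
    printf '%s\n' "$rule" > "$dir/$NFT_FILE.tmp" || return 1
    mv "$dir/$NFT_FILE.tmp" "$dir/$NFT_FILE" || return 1
    echo written
}

# apply_ttl TTL [ROOT]: install the rule, then reload fw4 only if the file
# changed and fw4 exists on this machine.
apply_ttl() {
    state="$(install_ttl_rule "$1" "${2:-/}")" || return $?
    if [ "$state" = written ] && command -v fw4 >/dev/null 2>&1; then
        fw4 reload
    fi
}

# ttl_from_ping: read ping output on stdin, print the ttl of the first reply.
ttl_from_ping() {
    sed -n 's/.*ttl=\([0-9][0-9]*\).*/\1/p' | head -n 1
}
```

With these functions pasted into Local Startup, a single `apply_ttl 65` before `exit 0` replaces the three lines, and `ping -c 1 localhost | ttl_from_ping` should print 65 afterwards.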

I’ve got an A1300 and it’s on OpenWRT 21 and firewall3 not 4. Tried the above commands but doesn’t seem to work with the older version. Anyone ran into this? I see tons of stuff for the older ip table stuff and nftable stuff for version 22 but not 21 and fw3

For older version, pls refer to Change outgoing TTL - #2 by swordfish-ii