Sorry if I've not been clear. The dd-wrt would go in my client's office to replace an old, failing firewall. I have nothing to do with his vendor's kit (other than vent).
Currently, my client's firewall port-forwards his vendor's three subnets to my client's printer so he can print locally from his online app. My client's vendor doesn't support vpns, and I want to minimize how many people can get to his printer from the interwebs, hence the ip range/port filters. I'm trying to find the best value to manage the traffic, and none of the "home/soho" routers I've found filter on both IP and port; it's either port forward everything or nothing, or go after enterprise level stuff - and he's a very small business not prepared to shell out thousands. (Of course, if someone knows of a nice soho box that does it out of the box I'm all ears! Linksys, Netgear and Buffalo apparently don't, though Buffalo offers a dd-wrt version which got me on this tangent.)
My client's vendor frustrates me no end. And, no, he really can't change.
-jk