diff --git a/openmptcprouter/files/etc/firewall.ttl b/openmptcprouter/files/etc/firewall.ttl
new file mode 100644
index 000000000..e241dbfca
--- /dev/null
+++ b/openmptcprouter/files/etc/firewall.ttl
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+_set_ttl() {
+ device=$(uci -q get network.$1.name)
+ ttl=$(uci -q get network.$1.ttl)
+ if [ -n "$ttl" ] && [ -z "$(iptables-save | grep TTL | grep $device)" ]; then
+ iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
+ fi
+}
+
+config_load network
+config_foreach _set_ttl device
\ No newline at end of file
diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index 9fb334602..fe0cbdf61 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -150,6 +150,14 @@ if [ "$(uci -q get firewall.gre_tunnel)" = "" ]; then
 commit firewall
 EOF
 fi
+if [ "$(uci -q get firewall.ttl)" = "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set firewall.ttl=include
+ set firewall.ttl.path=/etc/firewall.ttl
+ set firewall.ttl.reload=1
+ commit firewall
+ EOF
+fi
 if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then
 uci -q batch <<-EOF >/dev/null
 set firewall.zone_lan.auto_helper='0'
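Review bot: `_set_ttl` in firewall.ttl passes `$device` and `$ttl` to `grep` and `iptables` unquoted and unvalidated, in a script that the second file registers as a firewall include (so presumably run as root on every reload). A section with no `name` leaves `device` empty, so the inner `grep` has no pattern and the insert becomes `-o -j TTL ...`; an interface whose name is a substring of another (for example `eth1` and `eth10`) is treated as already having a rule; and a `ttl` value containing whitespace would be split into extra iptables arguments. The redirection `2>&1 >/dev/null` also still sends errors to the original stdout, where `>/dev/null 2>&1` was probably meant. I would require a non-empty device and a purely numeric ttl, quote every expansion, and match the existing rule exactly, as below.

```sh
_set_ttl() {
	local device ttl
	device=$(uci -q get "network.$1.name")
	ttl=$(uci -q get "network.$1.ttl")
	# Skip sections without a device name or with a non-numeric ttl.
	[ -n "$device" ] || return 0
	case "$ttl" in
		''|*[!0-9]*) return 0 ;;
	esac
	# Exact match on "-o <device> -j TTL " so eth1 does not match eth10.
	if ! iptables-save -t mangle | grep -qF -- "-o $device -j TTL "; then
		iptables -w -t mangle -I POSTROUTING -o "$device" -j TTL --ttl-set "$ttl" >/dev/null 2>&1
	fi
}
```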