Netify for OpenWrt


Netify is designed to run in tight spaces, so the memory requirements are modest and generally not a concern for OpenWrt deployments. As for CPU, the underlying Netify deep packet inspection engine requires about the same amount of horsepower as an intrusion detection/prevention system - the busier the network, the more CPU cycles required.
Netify on Firewalls and Routers


Version 19.07 or later

Sorry, we do not support OpenWrt below version 19.07.

Web Console / Luci

You can install Netify directly from the OpenWrt Software install page in the web-based administration tool - Luci. In the web-based interface, click on the "System > Software" in the top menu. Make sure the software lists are up-to-date, and then search for netify using the built-in filter. Click on Install for the netifyd package (see screenshot).

Command Line

If you prefer the OpenWrt command line, you can run the following to install Netify:

opkg update
opkg install netifyd

Upgrading to the Latest Netify Agent

OpenWRT firmware/images are updated a few times a year and this includes the software package repositories. Netify's development and release cycle is often more frequent that this, and you may find your system running an older version of Netify.

To determine if an upgrade is available, compare the version of Netify as displayed in Luci web interface with packages from the snapshot list available here. Select the folder corresponding to the architecture specific to your system, then select the Packages folder and search for "Netifyd".

From the command line, run netifyd -V to see what version you're running.

The example shown illustrates a new upgrade is available - Netifyd 3.05-1, as compared to the screenshot of the Luci software package installer which shows 2.88-2 is installed.

To install an upgrade, copy the ipk file URL link from the package list. For example:

Paste this URL into Luci's "Download and install package" and click on the OK

Once a new version of Netify is installed, the Luci interface can be confusing by indicating an "Upgrade" is available. After upgrading to a newer version of Netify from the snapshots repository, an upgrade will actually just be a downgrade to the original version of Netify.

For those that prefer the command line, upgrades can be performed using the following syntax (note, the URL may differe depending on architecture and version):

opkg install
If you are getting any errors from the Luci or the opkg command, try using the HTTP (not HTTPS) form of the download link - it will avoid any potential SSL certificate errors.


Netify will automatically detect the network interfaces and roles defined in OpenWrt.


With the installation and setup completed, you can now start and enable Netify:

netifyd --enable-sink
service netifyd enable
service netifyd restart


With the Netify service installed, configured and running, it is time to provision your unique install. You will first need to fetch the provision code from your Netify Agent install using the following command:

# netifyd -p

Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.

Provision Agent

What is OpenWrt


OpenWrt is an open source, Linux-based firewall and routing software solution designed for embedded devices. Typically, OpenWrt is used as replacement firmware on commercial routers and WiFi devices from Netgear, Linksys, Asus, TP-Link and others.

OpenWrt includes the features available in commercial firmware, but with improved performance, stability, security and features. The software brings the rich feature set of commercial routers with the benefits of open and extensible software packages. OpenWrt features include:

  • Web-based Interface
  • Extensive WiFi tuning for better coverage
  • Firewall
  • VPN
  • Traffic Shaping/QoS
  • and more