So apparently this has become illegal, and neither google or me playing 
around has figured out how to update it. Input is most welcome.

+ iptables -t nat -A prerouting_rule -i br-lan -p tcp --dport 80 -j 
REDIRECT --to-port 3128
+ iptables -t nat -A prerouting_rule -p tcp --dport 2020 -m state 
--state NEW -m recent --name ATTACKER_SSH --rsource --update --seconds 
120 --hitcount 5 -j DROP
iptables v1.4.3.2:
The "nat" table is not intended for filtering, the use of DROP is 
therefore inhibited.

Try `iptables -h' or 'iptables --help' for more information.

This is a openwrt router running the old firewall (not supported or I 
would have asked on their mailing list) I will attach it encase anyone 
wants to give it a quick peek and finds anything terribly wrong/outdated 
(but it does currently work fine).

Thank you for your time.