Hi,
I need a security-oriented WiFi 6E/7 router with 1/2.5/10Gbps Ethernet ports for home that meets the following criteria:
- Capable of creating Layer-2-Isolated VLAN's for 4+ LAN clients
- Capable of creating Layer-2-Isolated VLAN's for 4+ WLAN clients
- Allows for SSH-based cusotmizations, such as wiriting, saving, and applying custom IPTables, EBTables, and/or ARPTables
- Allows for SSH-based customizations to execute on boot via a script with assumption there is some guidance on how to do that
- Allows for disablement of sending any and all telemetry to router maker/manufacturer or whichever 3rd party, which should be each to accomplish with custom IPTables
- No in-bound traffic is to be allowed onto the router itself from WAN, which should be easy to accomplish with custom IPTables
- Continued strong support from router makers in regards to firmware, hardware drivers, and kernel
- Allow application of router firmware updates and router application updates manually via SSH
- Preferably follows strict secure design where each internal application runs in user mode and in its own container/sandbox
- Preferably can run DNSCrypt-Proxy, and/or OpenVPN, and/or WireGuard for all clients
I don't care for AI features, meshes, throughput-improveming traffic schedulers, and intrusion prevision systems because none of the clients host for LAN or WAN and each client exclusively uses OpenVPN and/or WireGuard VPN.
My threat model involves those who are able to get past any SNORT and/or SURICATA based intrusion system and prefer to exploit hardware via drivers and other low level methods, with which I am not familiar. That is why "Continued strong support from router makers in regards to hardware drivers and kernel" is very important to me.
I need a security-oriented WiFi 6E/7 router with 1/2.5/10Gbps Ethernet ports for home that meets the following criteria:
- Capable of creating Layer-2-Isolated VLAN's for 4+ LAN clients
- Capable of creating Layer-2-Isolated VLAN's for 4+ WLAN clients
- Allows for SSH-based cusotmizations, such as wiriting, saving, and applying custom IPTables, EBTables, and/or ARPTables
- Allows for SSH-based customizations to execute on boot via a script with assumption there is some guidance on how to do that
- Allows for disablement of sending any and all telemetry to router maker/manufacturer or whichever 3rd party, which should be each to accomplish with custom IPTables
- No in-bound traffic is to be allowed onto the router itself from WAN, which should be easy to accomplish with custom IPTables
- Continued strong support from router makers in regards to firmware, hardware drivers, and kernel
- Allow application of router firmware updates and router application updates manually via SSH
- Preferably follows strict secure design where each internal application runs in user mode and in its own container/sandbox
- Preferably can run DNSCrypt-Proxy, and/or OpenVPN, and/or WireGuard for all clients
I don't care for AI features, meshes, throughput-improveming traffic schedulers, and intrusion prevision systems because none of the clients host for LAN or WAN and each client exclusively uses OpenVPN and/or WireGuard VPN.
My threat model involves those who are able to get past any SNORT and/or SURICATA based intrusion system and prefer to exploit hardware via drivers and other low level methods, with which I am not familiar. That is why "Continued strong support from router makers in regards to hardware drivers and kernel" is very important to me.
Last edited:
