
How exactly would I go about avoiding consumer routers when every provider in my area forces me to get some kind of modem with built in router and wifi?


You can treat the ISP's router as bare, hostile internet and put the router of choice behind it. Disable their Wi-Fi if you can, but don't use it. Plug an ethernet cable from your router's WAN port to one of the ISP router's LAN ports. Your router's WAN side will get one DHCP address from the ISP's router. Your LAN side and firewall rules are however you like them, on your router. This whole thing is called "double NAT-ing" -- search for that term for a how-to guide.


A lot of ISP routers have the option to disable everything except the modem, often called "bridge mode". Avoids double NAT.


You can also call your ISP to put the modem-router in bridge mode. This will basically turn off all of its features and just have it pipe internet access from its LAN ports. If you do this, remember to go ISP router LAN port > personal router WAN port, as you won't be protected by the ISP router firewall anymore.
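Added example, not part of any comment in this thread: a small Python check that tells the two setups discussed above apart by looking at the address your own router's WAN port received, and flags the case where the ISP router's range overlaps your own LAN range. The function name, result labels and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 shared range used for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan_cidr, lan_cidr):
    """Classify the inner router's WAN lease and compare it with its LAN.

    wan_cidr: address/prefix on the inner router's WAN port, e.g. "192.168.1.23/24"
    lan_cidr: network the inner router serves on its LAN side (IPv4 only here)
    """
    wan_if = ipaddress.ip_interface(wan_cidr)
    lan_net = ipaddress.ip_network(lan_cidr, strict=False)
    if wan_if.version != 4 or lan_net.version != 4:
        raise ValueError("this example handles IPv4 only")

    addr = wan_if.ip
    if any(addr in net for net in RFC1918):
        upstream = "double-nat"   # lease came from the ISP router's DHCP server
    elif addr in CGNAT:
        upstream = "cgnat"        # shared range: translation happens at the ISP
    elif addr.is_link_local or addr.is_loopback or addr.is_unspecified:
        upstream = "no-lease"     # WAN port never got a usable address
    else:
        upstream = "public"       # consistent with the ISP box in bridge mode

    # If the WAN subnet and the LAN subnet overlap, the inner router cannot
    # route between them; renumber the LAN side to a different range.
    overlap = wan_if.network.overlaps(lan_net)
    return {"upstream": upstream, "overlap": overlap}


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    samples = [
        ("192.168.1.23/24", "192.168.1.0/24"),  # ISP box and own LAN share a range
        ("192.168.1.23/24", "10.20.0.0/24"),    # plain double NAT
        ("100.72.5.9/20", "10.20.0.0/24"),      # bridged, but ISP uses CGNAT
        ("203.0.113.7/24", "10.20.0.0/24"),     # bridged, documentation address
    ]
    for wan, lan in samples:
        print(wan, lan, classify_wan(wan, lan))
```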


Good suggestions. Thank you. I have done something similar before. Only problem is, I had to revert the setup each time the ISP had hiccups, otherwise they refused to provide any support.


I haven't done any research, but my set of anecdata (3 Internet providers from Romania, 2 national and one regional) says that providers do have ways of bypassing their router at Layer3. These ways are not advertised, sometimes not even documented. But they should be just a phone-call away.

If the router is also used as a media converter (upstream is Fiber or DSL or coax), they should be able to set it to "bridging mode", where it will function as a Layer2 device (switch), thus allowing the customer to use their own Layer3 device (router).


Most of the time you can set them to bridging mode from the management interface as well.


How exactly would I go about avoiding consumer routers when every provider in my area forces me to get some kind of modem with built in router and wifi?

It is a ridiculous situation, but I actually have our provider-provided router connected straight into a real firewall, and that in turn connected to a switch which in turn has the wifi base stations connected to it.

This means that if the first router is compromised there is a chance it won't penetrate the household, but of course the first router could still be used e.g. as part of a botnet by an attacker.



