What The FCC's Router Ban Could Mean for You
The regulation will bar you from buying a new router made abroad.
Mar 25, 2026

Condobloke


I hadn't seen that, thanks.

Cheap routers from <unnamed_countries> are definitely a hazard. They, almost universally, don't get updated, and support is as immaterial as aether.

However, more expensive routers built in <unnamed_other_countries> don't exactly have a reputation for being well-supported. OEMs consider them darned near disposable.

When have you opened your router's firmware page and seen a notification that there was an update available?

I haven't seen that since I had an expensive SOHO-level router from Juniper.

That said, it's not too hard to make a router on your own. You can do so with an old PC, preferably a thin client that will let you plug in a USB-to-ethernet hub and a built-in WiFi device that has 'hosted network' attributes.

Also, I see a ton of them on Amazon.

It might be worth buying a few to tuck them away.
 
That said, it's not too hard to make a router on your own. You can do so with an old PC, preferably a thin client that will let you plug in a USB-to-ethernet hub and a built-in WiFi device that has 'hosted network' attributes.

Also, I see a ton of them on Amazon.

It might be worth buying a few to tuck them away.
It may be a good idea to expand on that as a topic. Perhaps a few of the people here with the necessary knowledge could put together a 'how to' for making your own?
 
it's not too hard to make a router on your own. You can do so with an old PC
Bingo. My router is an older AMD Athlon PC running pfSense, FreeBSD 15.00, and 2 drives as fail-safe mirrored ZFS fs. Two Intel 10/100/1000 LAN cards.

I'm planning on making a spare, this time using OPNsense in lieu of pfSense.

EDIT: I just found out that OPNsense doesn't have pfBlockerNG as an optional plugin. Looks like maybe I'll use Pi-hole on my Raspberry Pi. We'll decide later.
 
@Mike-BTU, is that using FreeBSD 15.00?
 
I never bought a router or modem; I just use what my internet service provides.

If it fails I call them and they send me a new one.

I connect it and power it on and go into settings and change the SSID and password.

A reputable internet service provides any and all equipment with the internet service; leastwise that's been my experience.
 
@Mike-BTU, is that using FreeBSD 15.00?

It's funny that you mention that. At one point, I had my own hardware firewall and router built on NetBSD. However, that was at least 8 to 10 years ago. I did move it to Linux to ease maintaining it. For that, I used a trimmed-down version of Debian (from a net install, as I recall).

It has been AGES since I've done this. I'm sure I can lay out the software, but the details will be long-forgotten.

It might be worth just pointing out the choices and letting folks work it up from there, which I might be able to accommodate this weekend -- but no promises.

I made a mistake and completely forgot my sleepy meds. (I suffer from extreme insomnia, where I'll sleep for maybe 4 hours out of every 72 hours at best.) I take a very high dose of a psychotropic medication (400 MG of Seroquel) to sleep. It's enough to make an elephant sleepy and usually works.

(That said, it's not all bad. They're racing in Australia right now - at Phillip Island. So, I've got that to keep me amused until I finally fall asleep.)

The lack of sleep will keep me off-kilter for a few days, but I'll see what I can cobble together. It might be time to dig up the linux-tips.us site and publish some more.

If you view my avatar as a QR code, it might amuse you.

Anyhow, I might even be able to set this up and see how well it works.

If you want to get a head start, look into stuff like FreshTomato. You can even do this with your own router -- maybe. I used to have a few spare ISP-provided routers that'd support it, but I've long-since moved on from that.


That'd be a good start for many people. Sadly, more ISP-provided routers don't work with it. The router from my fiber provider certainly doesn't support it -- and I have no real access to it -- but I'm free to use my own router if I wish. For a while, all the routers from Verizon allowed it. It might be worth finding one and upgrading it. I'm 99% confident that I've sent the examples I have to the recycle bin.

Son of a biscuit eater...

Darn it... I really don't want to have to maintain more infrastructure. I already do enough online and in person. I really don't want to have to maintain yet another service. That's why I stopped doing so in the first place. That's why I accepted the ISP-provided router in the first place.

Off-topic:


There's some Aussie racing for you, assuming you click in a reasonable amount of time.
 
FreeBSD Linux

cocks head

FreeBSD is lovely, but it's not Linux. So, I'm confused.

But, yes, it may be time to invest in something nice, above your needs, and able to be upgraded. It'd be trivial to do something with a Pi and some 3D printing. The software part is out there for those willing to work at it.

Now that I think about it more, and as I think about the beer, I'm kind of annoyed that I'm going to have to deal with this crap.

While the threat is legitimate, I don't think we'll see any improvement from insisting on American vendors. They're just going to behave in the same way they've been behaving.

It means you're facing spending hundreds of dollars on a SOHO router from somebody like Juniper or Cisco. We don't have a ton of 'made in America' choices. Even those made in the US are using chips from <unnamed_country>. Though you at least get a few years of support.

I see this much like I see the TSA. It's security theater. The net benefit is likely to be negligible.

The problem isn't really where it's made. The problem is that they're not easily updated and don't have firmware that you can control on your own. They're not spying on you by default. They're aging to the point where they have known vulnerabilities and no OEM support.

How about we address that problem? How about we mandate adequate support or the 'right to repair'?

Hmm... That last sentence might be political. I'll nuke it if it's an issue. I'm not thinking that one government should mandate that, I'm thinking all governments ought to mandate that. Mandatory support lengths for software shipped with hardware and the right to repair our hardware on our own. That's not too much to ask for.
 
There's some Aussie racing for you, assuming you click in a reasonable amount of time.

Unavailable here.

But we've got it showing here at 6-9pm, might watch a bit. Don't tell me who wins.
 
Don't tell me who wins.

I'd never do so.

I'm geo-blocked for some IMSA stuff, which is really the only reason I pay for a VPN. If you have a VPN (Proton is free and independently audited), you could probably pretend you're in the US to watch it.

They had some GT racing and some TCR (which is just a touring car class that's not really all that 'touring' in modernity) this weekend. Sadly, BMW appears to be taking some time off from having works teams. There are some BMW privateers out in the races, but we'll see how it goes.

Endurance sports car racing is where it's at -- for me.

As for Phillip Island, it's a great track for the mixed classes. It's a fun track, no matter what's on the track.

It might be sacrilege, but I like Phillip Island almost as much as I like Bathurst. It's definitely my 2nd favorite Aussie track.

No, not all Americans are into NASCAR and just turning left. If I'm bored and can't think of anything else, I might watch a NASCAR race. I'd be more inclined to do so now, with Cleetus racing. (He has an amusing YouTube channel -- with enough subscribers to make even NASCAR sit down, shut up, and take notice -- to some extent.)

I'm an unabashed BMW fan.

<snip> (I removed some pointless stuff, best left to a PM.)

I love the automobile, perhaps more than most folks will ever grasp. I've yet to meet an automobile that I couldn't find something awesome to say about it. I can even find something nice to say about a Lada. In fact, I can enjoy myself while driving a golf cart.

That said, this is probably the greatest car ever made:


Yes, it's a hidden gem. Yes, it's awesome. Yes, I've been drinking beer -- but that doesn't change my thoughts on the car!

(You could spit steam at peasants who dared get into your way, and use the exhaust as a pipe organ!)
 
I don't mind watching a bit of bike racing.

As long as they don't wake up the koalas and the fairy penguins. There are lots of both there, went there as a kid.

I fear we are hijacking Brian's thread, though.

You can clean up, lol, after you have slept.
 
When have you opened your router's firmware page and seen a notification that there was an update available?
Yet the page is there, meaning router firmware is updatable, so a router can be perfectly 'clean' only to at some point introduce a backdoor into it.
 
Yet the page is there, meaning router firmware is updatable, so a router can be perfectly 'clean' only to at some point introduce a backdoor into it.
The more premium consumer router product vendors (same as customer facing ISP equipment) usually offer an automatic update, which at least shifts the responsibility to act ASAP (and have adequate control over legitimate updates) to them.

It's a pet peeve of mine to look into CVEs and how they are handled. The variety of processes is wild. For example, I've seen mobile Android phone vendors based in one region distribute critical updates in one region (other than their base) weeks before the other regions. It is too early to know if Google's new policy of moving to more cumulative updates last summer syncs these again. Another example: If you scroll the list of CVEs for AMD/Intel processors, you will notice the attributed CVE year is more frequently a year earlier than the public announcement, which most frequently is made once patches are available to the public (i.e. private customers like us). For routers it is indeed often a public disclosure first, followed by comparably rapid fixes by vendors for immediate world-wide release. You can argue this is a risk for a disjunct, i.e. if no-one publicises their bug finding, it will remain open. But with tech moving ever faster, I don't see how this risk can be higher than keeping a lid on disclosure for half a year, preventing every customer/user from deploying alternative mitigations meanwhile.

It's going to be pretty educational how this new FCC policy works out.
 
I don't mind watching a bit of bike racing.

That's slightly inaccurate. I only watched the GT3, GT4, and TCR classes, which are cars.

I didn't stumble upon the bike's stream.

Anyhow, I'm going to dig into the whole 'make your own router' thing if I can make the time to do so. It has been a long time since I've done that.

Yet the page is there, meaning router firmware is updatable, so a router can be perfectly 'clean' only to at some point introduce a backdoor into it.

Yup. I've even seen some that had automatic updates as an option. Yet, I can't think of a router that has been updated in years.

Caveat: My current fiber router may be updating behind the scenes. I literally have no access to it.

It's going to be pretty educational how this new FCC policy works out.

It should also be interesting to see how well they enforce this. Right now, I can buy a dirt-cheap router on Amazon that isn't made in the US.

I haven't looked, but I'm 80% sure that they've already done this for government purchases. They don't allow networking hardware from China, just like they don't allow any software from Russia.

I'm pretty sure... I'm not 100% sure, so don't quote me on that.
 

