This project aims to set up a secure home router appliance based on Linux with minimal maintenance using existing open source components.
Features:
- Core router features
  - IPv4 router
  - DHCPv4 server
  - Firewall
- Maintenance features
  - Automatic system updates, with reboot if needed
- Management features
  - SSH server for local on-prem management
Roadmap:
- IPv6-Mostly router
Supported OSes:
AlmaLinux is recommended for supported hardware, as it comes with a 10-year lifecycle providing security updates and support. Fedora Server is recommended for new hardware and the latest software features.
- AlmaLinux OS 10 (EoL ~2035)
- Fedora Server 43
- Fedora Server 42 (EoL 2026-05-13)
- Fedora Server 41 (EoL 2025-11-26)
- Fedora Server 40 (EoL 2025-05-13)
Migrate installations before the OS reaches End of Life (EoL); see Fedora End of Life Releases.
WIP OSes:
- CentOS Stream 10 (WIP, EoL 2030-05-31)
Prerequisites:
- Install Fedora Server or AlmaLinux on bare metal router hardware
  - Architecture: x86_64 or aarch64
  - 2 x Ethernet NICs
- Set up an ed25519 authorized key for SSH access, as password login is disabled
ssh-copy-id -i ~/.ssh/id_ed25519.pub ${USER}@${HOME_ROUTER_IP}
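A check that password login really is off, as an added example that is not part of the home-router project: it reads the effective configuration printed by `sshd -T` and also tests keyboard-interactive authentication, which can still prompt for a password when `PasswordAuthentication` is `no`. The function name and the sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the home-router project.
# Audits the effective sshd settings printed by `sshd -T` for key-only login.

# check_sshd_effective (hypothetical helper name): reads `sshd -T` output on
# stdin, prints one line per setting, returns 0 only if every check passes.
check_sshd_effective() {
    awk '
        # Report one setting; a keyword missing from the dump counts as a failure.
        function want(key, expected) {
            val = (key in conf) ? conf[key] : "(not reported)"
            if (val == expected) {
                printf "ok   %s %s\n", key, val
            } else {
                printf "FAIL %s is %s, expected %s\n", key, val, expected
                bad = 1
            }
        }
        # sshd -T prints lowercase "keyword value" pairs, one per line.
        { conf[$1] = $2 }
        END {
            want("passwordauthentication", "no")
            # Keyboard-interactive (PAM) can still ask for a password.
            want("kbdinteractiveauthentication", "no")
            # Keys must stay enabled, or the router becomes unreachable over SSH.
            want("pubkeyauthentication", "yes")
            want("permitemptypasswords", "no")
            exit bad + 0
        }
    '
}

# Constructed samples of `sshd -T` output (trimmed to the relevant keywords).
SAMPLE_GOOD='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitemptypasswords no'

SAMPLE_WEAK='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
permitemptypasswords no'

# Demo run on the weak sample, which must be reported as a failure.
printf '%s\n' "$SAMPLE_WEAK" | check_sshd_effective \
    || echo "key-only login is NOT enforced"
```

On the router, feed it the live configuration with `sudo sshd -T | check_sshd_effective`.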
Released version:
# Download and extract latest release
curl https://codeload.github.com/baxeno/home-router/tar.gz/refs/tags/v0.3.0 -o home-router-v0.3.0.tar.gz
tar -xvzf home-router-v0.3.0.tar.gz
cd home-router-0.3.0/ansible
# Install basic Ansible host dependencies
sudo dnf install -y ansible-core
ansible-galaxy collection install -r requirements.yml
# Update `inventory/localhost.yml` with interfaces and maybe some of the optional parameters
ansible-playbook --check -K -i inventory/localhost.yml home-router.yml
Ansible inventory configuration:
router_lan_subnet and dhcp_router_ip variables are automatically calculated based on router_lan_network.
It is possible to set up WiFi APs using a WiFi client USB dongle, but don't expect more than ~150 Mbit/s at ~1 meter range with a single WiFi client. WiFi APs require specific WiFi chips with many antennas, and they are only sold to big COTS manufacturers. Upstream Linux kernel support for these chips is typically lacking. This is also why COTS routers with a built-in WiFi AP don't receive updates: they carry large patch series that require a lot of work to rebase onto a new kernel release.
Recommended action is to have separate hardware for router and WiFi APs.
Commercially available off-the-shelf (COTS) router products typically receive very few security updates during their lifetime. This results in them being compromised and used in large botnets and/or as AI scraper proxies, which results in slower internet speeds for home users.
Examples:
- March 2026: Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
  - Criminal proxy service named SocksEscort was powered by a malware known as AVrecon.
  - The malware targets approximately 1,200 device models manufactured by Cisco, D-Link, Hikvision, Mikrotik, NETGEAR, TP-Link, and Zyxel.
- March 2026: New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
  - A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic.
- May 2025: Police dismantles botnet selling hacked routers as residential proxies
- May 2025: FBI: End-of-life routers hacked for cybercrime proxy networks
  - End of life routers were breached by cyber actors using variants of TheMoon malware botnet.
  - Common targets include Linksys and Cisco models.
- December 2024: Malware botnets exploit outdated D-Link routers in recent attacks
  - Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions.
- September 2022: Moobot botnet is coming for your unpatched D-Link router
  - The Mirai malware botnet variant known as ‘MooBot’ has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits.
The following open-source software components are used.
- AlmaLinux OS - An Open Source, community owned and governed, forever-free enterprise Linux distribution, focused on long-term stability, providing a robust production-grade platform.
- Fedora Server - Run server workloads on bare metal or virtual machines with the latest open source technologies curated by the Fedora Community.
- DNF automatic - Package manager - automated upgrades.
- firewalld - A firewall daemon with D-Bus interface providing a dynamic firewall.
- NetworkManager - NetworkManager is the standard Linux network configuration tool suite.
- Kea DHCP - Modern, open source DHCPv4 & DHCPv6 server.
- OpenSSH - SSH.... keeping your communiqués secret.
Documentation links:
Feel free to open bug reports or feature requests in Issues section.
Install from git using Ansible:
sudo dnf install -y git ansible-core
git clone https://github.com/baxeno/home-router.git
cd home-router/ansible
# Install the Ansible collections (requirements.yml only exists after cloning)
ansible-galaxy collection install -r requirements.yml
# Update inventory file with your configuration
ansible-playbook --check -K -i inventory/localhost.yml home-router.yml