Here in Germany ISPs can’t force you to use their routers; you’re always allowed to supply your own equipment. Some ISPs tried to do an end-run around that by not giving customers the necessary credentials to have their third-party router connect to the ISP’s network but that practice has also been made illegal. There are very nice third-party routers available on the market (I use a FRITZ!Box 7580 which is nothing short of wonderful, and I’m saying that strictly as a satisfied customer), and indeed various ISPs offer rebranded versions of these routers to their customers.
Incidentally, if you want a really secure router then note that a Linux PC does not require a running init process. You can use init to run the required commands to set up any firewall rules you need and then simply exit process 1, which will give you a nasty-looking error message but the kernel will continue running (and routing packets). This is inconvenient to reconfigure and lacks some features that more fancy units provide (such as a DHCP server) but will be very tough for attackers to get a foothold on or modify.
