Since all these routers and modems are insecure by design; have 65,536 problems; are not upgradeable; are now your liability, why not just make them transparent? Disable the firewall, enable upnp, and just have other defenses in your control take over. It would be one less hindrance. Shotan and others already have your number. Take a look at the first 2 ip that storm your router kernel when first activated and you see the attackers have the key.

No firewall => 1 less daemon + less obstruction in NAT + true sense of security

I have experienced a router that proved so problematic when trying to enhance the security. I had no choice but to disable firewall, traffic control and other services. Now, whenever I visit that router's location, records show it has been performing like a well-oiled machine.

Unless we can modify the firmware ourselves, we should just assume the routers are broken, inefficient and open to all form of mal. What's the worst that could happen should the "defenses" be disabled? Hijacks? Infections? Spying? Intrusion? Wait... that happens even though "security is enabled." The only good firewall is your own firewall and the power supply.