I saw on Twitter that my government has a backdoor on all modems and spys, changes websites content with TR069 protocol. https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/
I scanned my ip and saw port 7547 was open on January 2023.
When i put my ISP modem on bridge mode and connect my OpenWRT router will i be safe?
If you use OpenWrt, you have full control over the firewall and the wan, by default, has no open or forwarded ports.
This protects your network from unsolicited external connection attempts. But, keep in mind the fact that redirects or 'hijacking' can occur anywhere between your OpenWrt wan and the site(s) you are trying to visit... if that happens, the responses to your legit requests could be tampered. Most modern encryption methods that are used on the internet (i.e. https and others) will cause an error (or warning) when the site certificate or encryption methods are not as expected. The content between the server and client is encrypted, so generally speaking, all that an outside obvserver can deduce is that you are visiting a given site, but it cannot determine the content within the packets. This has significantly reduced "man-in-the-middle" type attacks for most major properties. However, that isn't to say that a nation-state level MITM/hijacking will always be thwarted.
With respect to the ISP modem itself -- if it is in pure bridge mode, theoretically it cannot do anyting but act as a media converter (cable/DSL/fiber/cellular <-> ethernet), passing the ISP issued IP address to your downstream device. But many of these modem devices have some ISP level configurability/monitoring (for general network conectivity reasons), and so the modem may still have some ports to which it may respond and thus gets reported as open (some of wihch may or may not be legitimately necessary for the service ot operate).
A commercial VPN could help reduce the risk here by ensuring that all of your data is encrypted in transit between your router and the remote VPN endoint, making MITM attacks effectively impossible bwetween the endpoints. But the reality is that it simply shifts the element of trust from the ISP (and potentially the country) to the VPN provier. You have to trust that the VPN provider itself keeps your traffic private and is not cooperating with (and/or not subject to any) survaillence or other intrusions by a nation-state.
