See, there's your problem - using logic and sense while evaluating how I got here :-)
I had no idea what pfSense could and couldn't do before I started this. Never used it until a week ago, only marginally aware of it. I had the perception that it is a platform of components that one can use. You see pfSense as a firewall - I see it as a comprehensive 'security platform' of things I can use as I see fit. Both are true.
I don't need the pfSense firewall / NAT (because I can't turn off the one I have... and don't want to double NAT or double firewall).
As such, all the outbound connections I want to block with my off-the-shelf pfSense box are done at the SquidGuard / Suricata level.
This can be done in one of two locations - between the cable modem and my router, or between my router and the rest of the network. Either way I need to bridge as I want it transparent; I don't want to mess around with WPAD.
pfSense gives me an easy-to-use turnkey system to do this. I don't want to install Linux - I have no interest in maintaining a Linux machine - I bought a box with pfSense installed that does the job I need it to in an easy way, which is great - not sure why you are so horrified about what pfSense modules / features and packages I do or don't choose to use.
I wasn't worried about the performance - I was just checking to see if the bridging might be causing the drop in throughput - turns out Comcast mucked up my connection - pfSense in transparent mode has no impact in my scenario (home use).
I have a turnkey tool that does what I need it to and is easy to get working and maintain - bloody brilliant in my book. If you want to install a Linux distro and install packages on that etc. etc., more power to you, I won't judge. But that's not for me. Having just learnt about Security Onion - maybe that's more suited to my need, that's where I will play and experiment next.
So consider this just a journey of discovery for me - I now understand what pfSense is. I have made no call on what I will finally do. And if and when UBNT let me turn off the firewall / NAT on my USG device I will do that and likely revert the pfSense to non-bridged mode and use it as my NAT and firewall at that point.