ok so here are the results of my efforts last night until 0130!
I am currently unable to get my plex to work.
the plex server is on the server 192.168.1.251 and I am trying to access it via the tv firestick. can anyone help?Skynet.jpg

I have to disagree on one thing only..
"planned obsolesce" is a fact not a myth,
not everyone applies this policy of course but there are alot of example out there proving this
the more evident one is for example to limit the life of a light bulb
Apple's use of pentalobe screws in their newer devices is an attempt to prevent the consumer from repairing the device themselves
Non-user-replaceable batteries
Smart chips in ink cartridges to prevent them from being used after a certain threshold constitutes "planned obsolescence"
when you design a board and you put capacitors in a place where the temperature is hot you know that the capacitor itself would last no more than 3 years. there are alot of triks to make everything with "planned obsolesce" in mind 😉
last example ... server grade vs consumer grade

Some of those Realtek device should be supported:
https://www.freebsd.org/cgi/man.cgi?query=rtwn_usb&apropos=0&sektion=4&manpath=FreeBSD+12.0-RELEASE&arch=default&format=html

You might find they work OK. You alreadt have them so nothing but time to lose by testing them.

Steve

You can still do some filtering on HTTPS without the MITM. On E2 Guardian, I have multiple groups setup, some which have MITM enabled and some such as in your case that are for Guest Wi-Fi where I can't properly sneak in the CA. On Squid I believe this is referred to as Bump and Splice all.

For my guest Wi-Fi setups, I just use the non-MITM method. This is where the proxy is able to see the domain name without the resource path at the end in order to decide if a website should be let through or not. MITM would obviously allow the proxy to look at the entire URL with the resource path and make a informed decision as to whether or not to allow a website through. I prefer it way more than DNS level filtering as it's more flexible. You can set it up for specific users while others can browse those sites just fine.

If you've got sometime, I recommend you give E2 Guardian a shot. It worked out a lot better than Squid in my use case and it has the added benefit of actual phrase filtering.