Applied the next step of my "stupidly over-complicated home network" and moved my wifi to its own VLAN. I'm still online*. It's almost like I know what I'm doing, or something ;-)

*technically "back online after remembering to remove strange default routes, and also add _some_ firewall rules to the new interface in pfSense", but that's close enough...

