@sarrasine Yes, IP passthrough is the same as bridge mode. Comcast calls it bridge mode, and it is easy to find. Verizon calls it IP passthrough, and it is buried behind quite a few clicks in the web admin.
You are lucky to be able to get fiber, cable and wireless Internet. Until recently, I could only get cable.
I don't find the carrier gateway to be a serious issue, from a technical standpoint at least. As long as they are in bridge/IP passthrough mode, and the ISP provides public IPs, it all works great with pfSense. I have my Comcast XB8 in bridge mode, and Verizon ARC-XCI55AX gateway in IP passthrough mode. That means all router functionality is disabled, as well as Wifi. It would be better to have a strict modem without routing or Wifi, but economies of scale probably means such a device would sell less, and cost more.
Of course, the price of the device is built into the service cost. I prefer to have one time cost than a recurring one. Comcast will not offer unlimited data service if you use your own equipment, unfortunately. It's not every month that I use over 1.2TB of data, though.
I also have a 3rd ISP in trial right now, Sail Internet. They installed a fixed wireless antenna on my roof. I was supposed to get 200 / 200 Mbps, but a palmtree grew in the line of sight. They had to install a new antenna pointed somewhere else. I get about 200 / 30 from it.
Sail uses a POE modem that's actually on the roof. It is a straight modem, not router. They asked me if I needed a router when I signed up, and I told them no, as I have my own pfSense box.
I don't get why you are so concerned about lightning surges. If the cable is not properly grounded, can't you get the cable company to come over and ground it properly ? It should be their responsibility. Also, there are surge protectors for coaxial cable. I'm not sure how effective they are, but name brands usually provide some kind of insurance, which could cover some damage to your equipment.
All my equipment is plugged into surge protectors. I even installed many surge protecting outlets. I also have a heavy duty surge protector installed in my main electrical panel, and 2 in electrical subpanels as well.
Right now, I have two coax cables coming into my office, once from Comcast and one from Sail. In my home theater, there used to be another 2 coax, one from my OTA for TV channels, and another from Dish. The Dish came down a few years ago during fumigation. I was able to keep the OTA, which I still use daily with a HD Homerun DVR and attached USB SSD.
We had some serious lightning strikes in 2020 around here, but no actual issues at my home, except that we were subject to a pending evacuation order that fortunately never came. The air quality was awful for a month following all these fires, though..
https://en.wikipedia.org/wiki/August_2020_California_lightning_wildfires
I would not choose wireless if wired was reliable, but unfortunately it isn't. 100GB is about 3% of my usual monthly consumption with Comcast. I have exceeded the 1.2TB cap a few times, but am paying for unlimited data.