If looking for third party firewalls, check IPFire as well. I've experimented with it as it has an IDS in it. It was interesting to see the blocked site list (IP) grow based on probe attempts.I didn’t, but the leading candidates are Microtik and MERAKI GO. The Microtik uses its own highly rated software and the MERAKI GO uses a customized PFSense. They are similarly priced and seem to have about the same number of fans.
Choosing a particular model is the current challenge. I do think one or the other would work for you, and it would make your LAN invisible to the modem (assuming you are not using WIFi from the modem/router, if equipped).
What you need is a small PC with two gigabit cards. I've also ran Microtik for a while (years ago), but found it a bit more cryptic to manage. Right now, I don't have a 3rd party firewall, still experimenting with them.
One comment, I never liked wifi extenders, of any type. They cut your bandwidth down and clog the wifi channels looking for clear spots. If necessary, run a point to point link that you can control and then a switch or separate wifi access point at the remote location.