top | item 46037669

(no title)

PF is really nice. (Source: me. Cissp and a couple decades of professional experience with open source and proprietary firewalls).

And if they are already using it on openbsd, it’s almost certainly an easier lift to move from one BSD PF implementation to another versus migrating everything to Linux and iptables.

discuss

theideaofcoffee|3 months ago

Agreed. Once you've gone pf you'll pine for it when working with anything else.

kstrauser|3 months ago

I've gotta me-too this. I've written any number of firewall rulesets on various OSes and appliances over the years, and pf is delightful. It was the first and only time I've seen a configuration file that was clearly The Way It Should Be.

bigfatkitten|3 months ago

The only configuration language I like more is Juniper. I picked that up and became fluent in it within about a day.