I hate to say it, but I will never forget the day I first stumbled upon PF.
Up to that point, setting up a router/firewall had been exceedingly painful, using Linux and iptables.
The syntax of pf.conf is beautiful. Somebody (I forgot who) once said that in order to write a rule set one needs to consult the (excellent) man page constantly, but once it is done, reading and understanding it takes no effort at all. As far as the "UI" goes, PF is so far ahead of anything I know of that most other metrics to judge a firewall / packet filter by seem to disappear.
Just to be clear: I have nothing against Linux, in fact most of my computers run Linux. But the syntax of pf.conf is just so sweet, once I tasted it, it spoiled me forever. And now iptables scripts look like something out of a Lovecraftian nightmare.
Up to that point, setting up a router/firewall had been exceedingly painful, using Linux and iptables.
The syntax of pf.conf is beautiful. Somebody (I forgot who) once said that in order to write a rule set one needs to consult the (excellent) man page constantly, but once it is done, reading and understanding it takes no effort at all. As far as the "UI" goes, PF is so far ahead of anything I know of that most other metrics to judge a firewall / packet filter by seem to disappear.
Just to be clear: I have nothing against Linux, in fact most of my computers run Linux. But the syntax of pf.conf is just so sweet, once I tasted it, it spoiled me forever. And now iptables scripts look like something out of a Lovecraftian nightmare.