pf, OpenBSD’s [p]acket [f]ilter (1)
When anyone has asked me in the last two years about installing a firewall at his LAN's border, I have always recommended them OpenBSD's packet filter pf. I discovered OpenBSD a couple of years ago while designing a hall of residence's local network and firewall. I was by then quite tired of Linux's netfilter/iptables and the first time I read about pf, I fell in love with it.
We are now more accustomed to this, but when I saw that you could write firewall rules like
pass in on $ext_if proto tcp from any port 80 to $ext_if
I knew I had found ...