> Other than Oracle with their port to Solaris, most ports of the PF subsystem happened before the OpenBSD 4.7 NAT rewrite, and for that reason they have kept the previous syntax intact.
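The syntax split mentioned above, shown side by side as an added illustration (not the commenter's own configuration); interface names, networks and the web server address are made-up placeholders:

```pf
# --- Pre-4.7 syntax (still used by FreeBSD, NetBSD and other ports) ---
ext_if = "em0"
int_if = "em1"
webserver = "192.168.1.10"   # constructed example address

# Translation rules are a separate class of rule, evaluated before filtering.
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $webserver port 80

# An rdr rule only rewrites the destination; it does not admit traffic.
# The pass rule must match the POST-translation address or the port
# forward silently fails (or, with a too-broad rule, admits too much).
block all
pass out on $ext_if from ($ext_if) to any keep state
pass in on $ext_if proto tcp from any to $webserver port 80 keep state

# --- OpenBSD 4.7+ syntax (after the NAT rewrite) ---
# Translation is an option on match/pass rules, applied in the same pass
# as filtering, so the forwarding decision and the pass decision are
# one rule and cannot drift apart.
block all
match out on $ext_if from $int_if:network to any nat-to ($ext_if)
pass out on $ext_if from ($ext_if) to any
pass in on $ext_if proto tcp from any to ($ext_if) port 80 rdr-to $webserver port 80
```

When auditing a ruleset, the first thing to check is which dialect the host's pf(4) actually speaks; the old `nat`/`rdr` lines are rejected by a 4.7+ parser, and `nat-to`/`rdr-to` are rejected by the ports that kept the old grammar.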
Besides FreeBSD, I'm curious what/which noncommercial, non-Linux OS(es) are battle-tested at internet web ops scale. FreeBSD occupies multiple, nondescript, ubiquitous roles people aren't aware of, powering key components of infrastructure in utilities like water, electricity, and delivery logistics.
We had machines in two buildings with multiple machines in the cluster. You could upgrade machines in a cluster and not lose any time. I thought DragonflyBSD is trying to head in that direction with storage (HAMMER).
I believe the problem here is business-level, and this can’t really be fixed technically. The problem is, this kind of design requires organized commitment to run it to completion, and can’t work in a culture focused on dropping a half-working MVP early and then failing to follow up.
I stumbled across OpenBSD PF and FreeBSD ipfw early in my career and instantly recognized their superiority. So even though I've been a long time Linux user on the desktop, I always run OpenBSD on routers and gateways. Right tool for the right job.
It’s worth noting that the FreeBSD port has evolved in its own way and is SMP-capable despite keeping the “old” syntax: https://lists.freebsd.org/pipermail/freebsd-pf/2012-Septembe...