Why use OpenBSD? PF

PF, the OpenBSD packet filter, debuted in OpenBSD 3.0 (December 1, 2001)

Replaced IPFilter (ipf) due to performance and licensing

High-performance packet filter with (essentially) human-readable config

Ties in to several other tools/features

Ported to several other systems (FreeBSD → macOS, iOS,

NetBSD → Blackberry, OpenBSD → Solaris)

Since 4.6, PF is enabled by default; rc has default rule set to let you fix after booting with invalid pf.conf

Also The Book of PF http://www.nostarch.com/pf3 or the much-repeated tutorial at http://home.nuug.no/~peter/pf/newest/