[FreeBSD 11 Wishlist] Replacing an OpenBSD Firewall

[Mark Felder]

UPDATE:

I have everything working except QoS, so thanks for the 6rd gif tunnel
workaround Nathan. ALTQ being absent from GENERIC is another sore spot
that should be investigated.

I've been encouraged to use ipfw and dummynet, but converting my
firewall rules again is not something I'm enthusiastic about. I'll note
that FreeBSD is often praised for including pf while ipfw is completely
overlooked; our own Handbook even puts pf before ipfw. That certainly
sends a message that we may not be intending to send and should be
considered carefully.