On Tue, Oct 20, 2009 at 8:08 AM, Paul Mooring <drpppr242@gmail.com> wrote:
I'm not sure I'd want to go this way, because I'd mostly switch just to learn pf/bsd, but in your opinion is there a big advantage beyond ease of use to using a ready-made router distro as opposed to setting up your own?  I've tried Debian with arno-tables and ipcop and both times the large number of iptables rules created by a rather simple setup seemed to make it nearly impossible to troubleshoot firewall issues (in the case of arno ~250 lines in iptables-save as opposed to ~30 when I did it by hand).  I'm not sure I'm really convinced that the added complexity in the rules really adds any security over a simple custom configuration.


Initially, I switched just to learn it as well.  The biggest benefit is that you can control the other services you want installed, along with custom compile options.  You also have the ability to create custom kernels (ALTQ is only available by compiling support for it into the FreeBSD kernel).  In an enterprise environment, you may want redundancy with pfsync/CARP (think Cisco's HSRP).
From what I can tell, pfsense has nearly everything I need now, but didn't when I initially checked into it several years ago.