Is there any doubt that OpenBSD’s PF is the best of the freely available packet filters? Stateful filtering, real QOS management, filtering by host OS, rule tables that can be updated without bouncing the firewall, and now add to that list state synchronization between load balancing firewalls.
Awesome.