“Using the PF firewall, we will be able to rapidly assemble a
NAT’ing firewall. With additional research you, thanks to PF’s
awesome documentation, you should be able to extend this to be a
traffic logger, export to netflow and do many other things.
I have tried experimenting with many “embedded” Linux distros
that are targeted more at a hardware appliance, but in the end all
of the user friendly settings just ended up getting in the way.
Using OpenBSD I am able to get a very low footprint OS with a
well-documented and transparent firewall. I know precisely what PF
is doing with my packets.