What's 'more sense'? It seems like you're willing to rewrite and recreate an existing and perfectly viable solution to a problem purely because the underlying OS is not Linux. In my world it doesn't make ANY sense - while you'll be doing all of that, I'd already be working on something else, after using the existing solution to this particular problem and moving on. However, if you do have a justification for wanting Linux solving your problem, then it seems you might have a different problem than 'a firewall appliance', and in such case it may make some sense ;)
Wanting pf or something pf-like on a non-BSD-based OS is not an unreasonable request, especially considering how awful it is to work with, say, iptables in the Linux world. Having a Linux-native pf would likely be highly desirable when Linux is already required in one's setup for other reasons (for example, if Docker is a dependency for what one's trying to do).
That said, my own general preference is to use OpenBSD (which means having immediate access to pf plus all the other goodies like relayd/httpd, OpenSMTPD, etc.) in all possible situations, and only resort to some other OS (like GNU/Linux) when actually necessary; thus, I can't really relate to a need for things to be the other way around :)
Chances of Linux-land adopting a NIH tech: .000001%.
They could have used kqueue, but didn't. They could have used accept_filters, but didn't. They could have adopted jails instead of creating I've lost count of how many "container" technologies, but didn't.
So basically they will toss iptables eventually and write something similar but not quite as good as pf.
The Unix world in general would be very grateful to see Linux adopt current tech rather than constantly reinventing the wheel in an "it's just good enough, unfortunately" incompatible way.
> could have adopted jails instead of creating I've lost count of how many "container" technologies
The "many technologies" are mostly user-level wrappers though. What actually happened in the kernel: they added unshare(2) early on, but it only isolated filesystem mounts at first. Later they started gradually adding more things for it to isolate: network, PID, IPC and users. The "users" part arrived really late and is kinda bad… that's why for a very long time you weren't supposed to give people root in a docker container, and I think it's still not recommended. That's quite hilarious, considering that jails' main purpose literally was "containing root", and it fucking worked great since the early 2000s.
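As an added illustration of the user-namespace piece mentioned above (my own example, not code from anyone in this thread): a child process calls unshare(2) with CLONE_NEWUSER, maps its own effective uid to 0 inside the new namespace, and then shows that this "root" has no capabilities in the initial namespace (sethostname(2) is refused with EPERM). Linux only; it assumes unprivileged user namespaces are enabled, and reports the errno otherwise.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

struct ns_report {
    int ok;            // 1 if a user namespace was created and its uid_map written
    int err;           // errno of the step that failed when ok == 0
    uid_t outer_uid;   // effective uid before unshare(2)
    uid_t inner_uid;   // uid seen inside the namespace (0 once mapped)
    int host_err;      // errno from sethostname(2) inside (EPERM expected)
};

// Runs in the child: create the namespace, map "outer_uid -> 0", then probe.
static void child_main(int out_fd) {
    struct ns_report r = { .outer_uid = geteuid(), .inner_uid = (uid_t)-1 };
    char line[64]; int fd;
    if (unshare(CLONE_NEWUSER) < 0) { r.err = errno; goto done; }
    // A process may write its own uid_map once, mapping only its own effective uid.
    snprintf(line, sizeof line, "0 %u 1", (unsigned)r.outer_uid);
    if ((fd = open("/proc/self/uid_map", O_WRONLY)) < 0 ||
        write(fd, line, strlen(line)) < 0) { r.err = errno; goto done; }
    close(fd);
    r.inner_uid = getuid();   // now 0: "root" inside this namespace only
    // Capabilities gained by unshare are scoped to the new namespace; the UTS namespace is still owned by the initial one, so this is refused.
    r.host_err = sethostname("inside", 6) < 0 ? errno : 0;
    r.ok = 1;
done:
    if (write(out_fd, &r, sizeof r) < 0) _exit(1);
    _exit(0);
}

// Fork, run the demo in the child, collect its report over a pipe.
struct ns_report run_user_ns_demo(void) {
    struct ns_report r = { 0 };
    int fds[2];
    if (pipe(fds) < 0) { r.err = errno; return r; }
    pid_t pid = fork();
    if (pid < 0) { r.err = errno; return r; }
    if (pid == 0) { close(fds[0]); child_main(fds[1]); }
    close(fds[1]);
    if (read(fds[0], &r, sizeof r) != (ssize_t)sizeof r) r.err = EIO;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return r;
}
```

On a kernel that disallows unprivileged user namespaces (or under a seccomp profile that blocks unshare), `ok` is 0 and `err` holds the reason; where it succeeds, `inner_uid` is 0 while `host_err` is EPERM.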
> they will toss iptables eventually and write something similar but not quite as good as pf