
Agreed. I've taken to treating my Linux installs like I used to treat Windows: no internet access except application specific.

For example, I run a Visionfive 2 OpenBSD install with squid, everything else has to go through that.



Curious why squid and not pf?


squid is an http(s) proxy and pf is a firewall. They do not do the same thing.


I assumed it wasn’t doing tls interception as simply using it to allow/disallow internet traffic from various internal hosts — pf works for that also.

Relayd also does a bunch of similar things and is closely integrated with pf too.


That's fair. I assumed he was using squid to filter/block ads and dodgy websites. You can also kind of do this with pf, but not as well.


I use openbsd for that purpose also, but with unbound :}


I used to do something similar with pf, unbound, and squid but on freebsd.



