What if your firewall box has ssh access on the external interface and you want to make sure no-one accessing sshd can hog up the bandwidth; you can't do this with pf. What if you're using OpenBSD as a desktop computer, you might want to allow certain applications different bandwidth allowances; you can't do this with pf (without an extra box). What if you've got an OpenBSD multi user sshd machine: you want to allow all users internet access, but you want to make sure they can all have an equal share of the download bandwidth; you can't do this with pf (without an extra box, and some sort of very messy identd+tables hack).
As far as firewalls go I'm a big fan of pf, actually I just finished writing a fairly detailed walkthrough of my pf.conf ( http://kuliukas.com/guide.html ), which is why I don't want to have to use/recommend something else if I need this functionality; I think download shaping would be the icing on the cake. I'm not demanding anyone do anything, I'm not trolling, I just want to get this acknowledged as an area for potential development. Why everyone's so resistant to this is beyond me. That this is the only extra feature I'd like to have in pf I think reflects pretty well on pf. Kestas
