"You can do more than pfsense with a plain old Linux box but it takes some dense reading to learn to manipulate the traffic control and routing tables yourself."
That's why having a nice UI already adds a lot of value :).
I wanted something under Linux and I ended up trying a combination of Shorewall and its Webmin plugin to have something similar, but a more holistic solution would be interesting.
Not to mention that PFSense normalizes a lot of management. It provides an easy mechanism to queue changes and apply them, log when changes were made and what the changes were, etc.
In a previous job we used to deploy OpenBSD firewalls to provide site-to-site VPNs. We switched to PFSense because management was easier when you have 10-20 of them to deal with, and multiple people might have access.
That said, we definitely would have preferred an equivalent interface on top of OpenBSD instead of FreeBSD. There were some differences in the CARP implementation in FreeBSD that made some features of CARP we relied on with OpenBSD unavailable in FreeBSD, and thus PFSense.
I wish there were better UI-based distros, but the value is kinda limited since people doing the really advanced stuff know Linux-specific networking like qdiscs and iptables.
You pretty much learn the commands while reading about how the stuff works. I've seen a ton of horribly configured pfsense boxes because it exposes all this functionality to people that honestly shouldn't have it and don't know what they're doing.
It's like regedit for networking. If you know enough about the registry to be fooling with it, you don't really need a UI, but it's nice to have.