I have seen good performance from IPFW although have seen an impact when using stateful.
I am trying pf but have seen quite a lot of redundancy built in to pf.conf from various sources.
Is this just a lack of understanding from the compilers (or me) or is this a reliability issue with pf?

one example (and there are many others)

block all
block return-rst in $logopt on $ext_if proto tcp all
block return-icmp in $logopt on $ext_if proto udp all
block in $logopt on $ext_if proto icmp all
block out $logopt on $ext_if all

Doesn't the "block all" make the next four lines redundant?

Here seems to be another example I have seen.

under global options
set skip on lo0

The further down
# trust localhost
pass in quick on lo0 all
pass out quick on lo0 all

I am trying pf but have seen quite a lot of redundancy built in to pf.conf from various sources.
Is this just a lack of understanding from the compilers (or me) or is this a reliability issue with pf?

one example (and there are many others)

block all
block return-rst in $logopt on $ext_if proto tcp all
block return-icmp in $logopt on $ext_if proto udp all
block in $logopt on $ext_if proto icmp all
block out $logopt on $ext_if all

Doesn't the "block all" make the next four lines redundant?

I'm afraid it is a lack of understanding on your part :P
When using PF, the processing of rules does not necessarily terminate with the first matching rule. That is unless it has the quick modifier applied.

So ... No, the block all does not make the next lines redundant, it merely sets the action to be taken if no further rules match that specify some other action.

Thank you,
That explains a lot.
I knew that Cisco background would be my downfall.