Packet Filter aka PF is OpenBSD’s system for filtering TCP/IP traffic / NAT software. I always like the simplicity offered by PF firewall. There is a new article that explains the PF performance monitoring:
The PF (packet filter) firewall package was introduced in OpenBSD 3.0, and has since been ported to the FreeBSD and NetBSD Operating Systems. PF contains a stateful packet inspection engine, the ability to replicate state information to a backup firewall, a flexible self optimizing rule engine, QOS support, and the ability to collect performance metrics. These metrics can be useful for gauging the performance of a firewall platform, and provide a way to trend firewall performance over time. This article will describe several utilities that can be used to monitor the health and performance of a PF firewall.
On a related note you may find our FreeBSD firewall startup guide quite useful.
Monitoring PF firewalls for health and performance [prefetch.net]