I've worked extensively with pf (on OpenBSD) in a previous job, creating both routing firewalls and bridging firewalls. pf has been my favorite ever since, I prefer it over iptables (commonly found on Linux).
pfSense offers easy configuration using a Web GUI, but can also be managed from the commandline. Advanced features include:
- Firewalling on Layer 2 (bridging) and Layer 3 (routing)
- CARP and pfsync for High-Availability setups with multiple redundant firewalls
- Load Balancing