
I recommend opnsense [0] over pfsense. I ran pfsense for 5 years and it is great, but there was some bad blood [1] between the two projects and the community.

[0] https://opnsense.org/

[1] https://teklager.se/en/pfsense-vs-opnsense/



Your [1] doesn't seem to have been updated for recent events, so:

- pfSense CE is an EOL product (and its replacement Plus is closed source). https://news.ycombinator.com/item?id=26479725 / https://news.ycombinator.com/item?id=27775408

- The Wireguard fiasco. https://news.ycombinator.com/item?id=30719403


I am aware of opnsense, and while e.g. the GUI looks cleaner and seems to have more plugins, when I started checking it more in depth I think that pfsense has more thorough documentation, and things like traffic shaping, which I plan to implement, seem to be way easier on pfsense.

Also, have you done migration between the two? If so, how hard was it?


> have you done migration between the two? if so, how hard was it?

I tried the auto-migration in OPNsense (backup from PFsense, restore to OPNsense) a couple times. Both times it got it mostly right, but whatever it got wrong blocked pretty much all traffic and was difficult to figure out why because everything looked right. I gave up and stayed with PFsense, but figured if I ever really did want to switch I would start from scratch.


I've also had to decide if I want to use pfsense or opnsense, but for me, the pfblockerNG plugin was what tipped the scales in favor of pfsense.


If you're just going to use pfBlockerNG for DNS blocking, that's built in to OPNsense without needing any plugins, via Unbound DNSBLs.



