> - firewall? Lots of pain and hard to find friendly, best practice starter templates. Wherever I looked, people said "it's complicated." After a lot of tinkering and learning I finally got a setup that was pretty safe. (I think.)

I don't use much FreeBSD these days, but pf (from OpenBSD, I know), is one of the best things since sliced bread.

In my first job I was working for a company selling a third-party vertical software and we were proving support for it. We were using a very expensive symantec vpn with most customers connecting with a 33.3kb phone connection, until we reached the license limits, and there was no money for new licenses. In a pinch, me and a coworker set up a new server with openvpn, freebsd, pf, and a ruby-based dns server that I don't remember anymore, and we grew an order of magnitudes more customers.

It's been more that 20 years, I still don't know how to use firewalls in linux, (there are many, I just pretend they don't exists) but I would still be able to setup a pf firewall if needed. I need to say it again, pf is a joy to use.

My gripe with FreeBSD right now is that I miss something like docker swarm. bhyve is fine but AFAIK it works only on a single host. Give me something that works on a bunch of hosts, and I will come back right away