PF is really nice. (Source: me. Cissp and a couple decades of professional experience with open source and proprietary firewalls).

And if they are already using it on openbsd, it’s almost certainly an easier lift to move from one BSD PF implementation to another versus migrating everything to Linux and iptables.