Usability & Maintainability pf.conf Syntax Nominally LALR Initially based on ipf syntax Organic, mostly unplanned growth as PF gained functionality Now very challenging to maintain and extend parse.y has become increasingly confused whether or not it is a line oriented parser anchor in on $fxp0 { block pass in proto udp from any to $webserver port { 80, 443 } pass in proto { udp, tcp } from any to $dnsserver port 53 pass in proto tcp from any to { $webserver $dnsserver } port 22 }