I've been using pfSense on our router for some time, and it's started to irritate me. If it breaks, I basically have no recourse to fix it but to reinstall and upload a backup configuration - for some reason, despite the NanoBSD setup (which is going away in future versions anyway), on a power failure it's liable to wind up leaving the SD card in an unbootable state.
From the time running it, and the time before that using a SoHo router appliance, my firewall skills have atrophied terribly. For the most part, expressing the way you want things in pfSense is fairly trivial, but every so often there's something where I think "if this were a real machine I could just...".
Finally, future versions of pfSense won't run on my hardware due to it lacking AES-NI... I might as well jump ship to something else now, but what? OPNsense initially looked promising, but one of my complaints about pfSense has been that at times it seems to be PHP with root access, held together with duct tape and bandaids, and OPNsense certainly seems a step in the wrong direction on that front.
I briefly contemplated a flavor of Linux... Ubuntu, Alpine, or Voyage, the last of which I know absolutely nothing about. I eventually settled on trying plain ol' FreeBSD, so that I'd at least have something remotely familiar while I dabbled. I did a pretty piss-poor effort to document the process, which is still not quite complete.
I am still very seriously considering dropping Alpine on there, as much as it pains me as a massive BSD fanboy of more than 20 years. That's probably a task for a different weekend though.