The OpenBSD Packet Filter (PF) feature of Oracle Solaris is a network firewall that captures incoming packets and evaluates them for entry to and exit from the system. PF provides stateful packet inspection. It can match packets by IP address and port number as well as by the receiving network interface.
PF is based on OpenBSD Packet Filter (PF) version 5.5, which is enhanced to work with Oracle Solaris components, such as zones with exclusive IP instances. In Oracle Solaris 11.3, both PF and IP Filter are available for filtering packets. Because PF is a more robust filtering module, you should transfer your firewall policy from IP Filter rules to PF.
The following OpenBSD PF features are not included in the Oracle Solaris version:
Network address translation (NAT-64) between IPv6 and IPv4 as described by RFC 6146
PFSYNC, which allows PF firewalls to be deployed as a cluster
QOS (packet queuing)
Netflow statistics