Username or EmailPassword
pf code has become over the years kinda messy. The openbsd developers accepted this as a fact and are working towards a resolution.
So, pf has complexity issues, doesn't strive for portability outside of openbsd and isn't exactly SMP friendly.
Sounds like there is space for a new packet filter.