Ok, lots of questions around 'why' and no answers, so let me take a stab.
I suspect that the purpose of this is to be able to ingest pf.conf files into a larger security tool. Something like an NDR/XDR/SOAR, or perhaps Splunk.
SecOps wants to know what the existing policies are (for compliance and validation), and to orchestrate enforcement when an IoC (or whatever) prompts investigation and action. Getting the format into JSON opens up the whole landscape for integration into existing tooling.
Nice, that's a reasonable use case. I've been working on centralizing my home lab config and this tool could help bring pf.conf in/out of a central JSON config. Mine already handles static DHCP leases, local hostnames, certificates, etc.
I suspect that the purpose of this is to be able to ingest pf.conf files into a larger security tool. Something like an NDR/XDR/SOAR, or perhaps Splunk.
SecOps wants to know what the existing policies are (for compliance and validation), and to orchestrate enforcement when an IoC (or whatever) prompts investigation and action. Getting the format into JSON opens up the whole landscape for integration into existing tooling.