Hello, and best wishes for the holidays,
I agree. As you write, IPFire actually is “good enough” for me today. I’d like it to run from a used 2GB mSATA SSD on espressobin hardware, with an image backup on sdcard. Though, I am not yet that sure about tomorrow, as it has to run in our closet, and experience says, over the year there is always someone to pull the power cord or something that burns a fuse, etc. So I’m concerned if IPFire can always reboot without intervention, so it will work even if only part of the family is home.
With the “selfhost” distros that are available now, and better suited, and the virtualization, I think the desire to have additional user services running on the firewall isn’t there that much anymore, these days.
But ok, it’s ok not to make best use of the good work of more distro maintainers. If everyone wants to keep IPFire on the same road as in the past years.
Sorry, my writing was misleading, yes, firehol does not do package inspection, it only features admin friendly iptables management (similar to IPFire).
It’s hard to gauge from my user/admin perspective. But if you were once building from a heavily customized fork of a very generic distro, I can imagine the diffs kept growing and harder to maintain over time. And that there were no new usefull router and firewall feature updates coming in from LFS and IPCop.
From my user view it clearly looked as if it could ease the work of the IPFire team, if it were relatively easy to make IPFire build from a nicely matching and maintained router distro. (Especially, after reading Adelie seems to do well by working with APORTS tree patches.)
Personally, I was pleasantly surprised from the alpine linux routing and SBC-boards support with the “lighter” musil C; it’s not only the broader plattform support, as well as the diskless and (/var) data disk mode, besides the regular sys disk mode install.
https://wiki.alpinelinux.org/w/index.php?search=router
I even saw a Web Configuration Framework said to be well suitable also for small systems Alpine Configuration Framework Design - Alpine Linux
Also my wish for firehol, for example, may at first only have been just me not wanting to re-write my current firewall rules from firehol on OpenWRT in the IPFire web frontend. However, as the IPFire approach has incredible similarities, maybe it could actually make things easier to maintain in the long run, if migrating the web frontend to just configure the tried and proven firehol backend (“apk add firehol” is also already maintained in alpine, and it already supports IPv6 and ships with many service definitions out of the box, and IPFire won’t have to migrate alone to the nftables backend in the future).
Kind regards, and thank you for the elaborate response that you have written. It’s appreciated.
PS: Concerning the current “icon view”, the IPFire mascot might rather become a tux firefighter, that can control and extinguish the fire, with an ability to run upstream and inspire to become a firefighter, instead of running dizzy and catching fire 
.