I have been working on some Cisco FWSMs recently and have come to really appreciate how handy the security contexts are on these. Essentially you get one 'master' system that handles overall traffic, memory use, resource management, etc., and then under that you can create 'slices' of the master system. Each slice is its own separate system but runs over VLANs instead of physical ports.
Anyone know if this is possible for pfSense? Or possible in any open-source firewall?!
I don't exactly understand what you mean. But, with pfSense you can make VLANs and have different rules for each one. You can block the VLANs separately against other VLANs and of course against the WAN. What more security do you want?