“With more and more hosts being connected to the Internet, the importance of securing connected networks has increased, too. One mechanism to provide enhanced security for a network is to filter out potentially malicious network packets. Firewalls are designed to provide ‘policy-based’ network filtering.” Read the paper at Benzedrine.
Linux wins.
*Grin*.
“In summary, iptables perform the best for stateless rules and pf performs the best when using stateful filtering.”
So it depends on what you are doing. Also, pf is newer than iptables, so it would have been pretty bad had iptables not been better at some things.