Sepherosa Ziehau has removed IPFW1; IPFW2, which is already in the system, is generally compatible from a configuration point of view.Â Check the ipfw man page to find out what’s different.
What I don’t get is why ipfw2 wasn’t removed too, pf is the sexy firewall these days.
IPFW2 offers some features that pf does not, like (I think) dummynet. Also, having IPFW2 in the system doesn’t keep you from using PF.
Obviously there are many differences between the two, there isn’t a “best firewall”, it all depends from what you need.
You can find a little but interesting overview here:
DragonFly BSD Digest