iptables has been around for a while, and it has matured to the point where it's just plain silly to spend fortunes on proprietary firewall software (and bear in mind that I used to sell CheckPoint solutions - I still have a certification on those somewhere...).
Although I still find ipfw a bit cleaner for some purposes, there's no denying that you can do just about anything you want to IP packets with iptables, and I've gotten used to relying on it.
Resources:
- Traffic accounting scripts
- FireHOL
- countertrace, a way to simulate network latency via iptables
- How to simulate a slow network using tc queueing disciplines and iproute2
- ebtables, for those instances where you really want to get down and dirty at the link level.