I've only ever been hacked once, when I was running FreeBSD back in like 1998. Good old WU_FTPD bug.
Never been hacked on a Windows OS.
Currently the only computers sitting inside my network belong to me, so I just don't run any software firewall at all. I don't even run a Virus Scan program because of how it gets in the way of the programming work I do frequently. I think Virus Scan programs have become kind of a joke anyway, being that 90% of the exploits lately have been based around buffer overflows which Virus Scanners generally can't do squat for.
Besides, I run a 64 bit OS that practically nothing runs on with any kind of privelege level that would allow something to insert itself into windows. I have a hard enough time installing legitimate software sometimes, lol.
Desktop machine: 2 x Opteron 246, Asus K8N-DL, 2GB PC3200 ECC Reg., XFX GeForce 6600GT, 74gb WD Raptor, 2 x 19\" LCDs, Windows XP x64
Server machine: Intel P4 3.0GHz 2MB EM64T, ECS i865pe, 1GB PC3200, 36gb WD Raptor, Windows Server 2003
Laptop: Dell Inspiron 9100 (Intel P4 3.2GHz 1MB Prescott, i865pe, 512MB PC3200, Mobility Radeon 9700, DVD+R/DL Burner), Windows XP
Linux: P3 450Mhz, 386MB ram, Slackware 10.1 (Running mySQL/Apache)