Actually, there's no such thing as a "hardware" firewall. There are firmware firewalls that come loaded in a box with connectors on it, but it's still good old code that's inspecting packets and deciding what to do. There are no gears and levers in there that hackers can't penetrate.

Firmware firewalls might offer marginally better protection (because an intruder has to figure out how to re-flash the program memory), but good software implementations have ways of preventing their own code from being corrupted, so the margin of superiority is extremely slim.