I haven't tested Firewalld, **it might be** secure, but **I don't know that much about it**.
So far, I have seen that Iptables is one of the most secure and configurable. GUFW (or UFW, if we're talking about the command-line one), uses Iptables in the background, and seems to be more port-based, instead of packet-based (this last one is the case for Iptables). With port-based firewalls, you **might** not be able to do somethings that a packet-based firewall allows you to, like setting ICMP packet filters (not blocking). Of course, you can try tweaking the internal configuration of the port-based firewall (in the case of GUFW or the UFW) to interact with the packet-based firewall to do so, but this won't be configurable in the user interface of the ones mentioned at first. ICMP packets **are not** port-based. The so called "ping", which is one of many types of ICMP packets, **is not** done against "trisquel.info:80" (the website), but instead against "trisquel.info", in the hope that it resolves to an IP address and the IP address is alive. You mustn't block all ICMP packets either, since these are used for communications between your computer and the router (or modem) that is responsible for representing your computer on the Internet (this communication is needed for various important informations, like bandwidth management and many other things that I forgot now).
