
Stateful And Stateless Firewalls

How firewalls decide which packets to let through.


What A Firewall Does

A firewall filters traffic at a boundary, allowing or dropping packets based on rules. The two classic designs differ in how much they remember.

Stateless Filtering

A stateless firewall judges each packet on its own.

  • It looks only at fields like source IP, destination IP, port, and protocol.
  • It has no memory of earlier packets.
  • It is fast and cheap, but it cannot tell a reply from an unsolicited packet.

To allow return traffic you must open ports in both directions, which widens the attack surface.

Stateful Filtering

A stateful firewall tracks connections in a state table.

  • When a host opens an outbound connection, the firewall records that flow.
  • Return packets that match an existing entry are allowed automatically.
  • Packets with no matching state are dropped by default.

This lets you allow replies without permanently opening inbound ports. The cost is memory for the table and more processing per packet.

Choosing Between Them

Stateless rules suit very high-speed paths and simple, coarse filtering. Stateful inspection is the default for edge firewalls because it understands the life cycle of a connection.
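A small simulation of the two designs described above, added here as an example and not part of the original lesson. The addresses, ports and rule tables are constructed; the stateless filter must open the whole ephemeral port range inbound to let replies back in, while the stateful filter only admits the exact reverse of a flow it recorded.

```python
from dataclasses import dataclass

INSIDE = "10.0.0.5"  # constructed address of the protected host


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


# Stateless rules: (direction, low port, high port). With no memory of earlier
# packets, the only way to let replies back in is to open the ephemeral range.
STATELESS_RULES = [
    ("out", 443, 443),      # inside host may open HTTPS
    ("in", 1024, 65535),    # replies land on ephemeral ports, so open them all
]


def stateless_allow(pkt: Packet) -> bool:
    """Judge the packet on its own header fields only."""
    direction = "out" if pkt.src == INSIDE else "in"
    return any(d == direction and lo <= pkt.dport <= hi
               for d, lo, hi in STATELESS_RULES)


class StatefulFirewall:
    """Allow outbound flows to chosen ports and only the replies that match them."""

    def __init__(self, outbound_ports):
        self.outbound_ports = set(outbound_ports)
        self.state = set()  # 5-tuples of flows the inside host opened

    def allow(self, pkt: Packet) -> bool:
        if pkt.src == INSIDE and pkt.dport in self.outbound_ports:
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return True
        # inbound: allowed only if it is the exact reverse of a recorded flow
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.state


def run_scenario():
    """Return {name: (stateless verdict, stateful verdict)} for three constructed packets."""
    fw = StatefulFirewall(outbound_ports=[443])
    packets = [
        ("outbound", Packet(INSIDE, 51000, "203.0.113.10", 443)),
        ("reply", Packet("203.0.113.10", 443, INSIDE, 51000)),
        # same port pair, but from a host we never talked to: no state entry matches
        ("unsolicited", Packet("198.51.100.7", 443, INSIDE, 51000)),
    ]
    return {name: (stateless_allow(p), fw.allow(p)) for name, p in packets}


if __name__ == "__main__":
    for name, (sl, sf) in run_scenario().items():
        print(f"{name:12} stateless={'allow' if sl else 'drop':5} "
              f"stateful={'allow' if sf else 'drop'}")
```

The third packet is the one that matters: it is indistinguishable from a reply by header fields alone, so the stateless filter passes it, while the stateful filter drops it because no recorded flow has that peer.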

Key idea

Stateless firewalls filter each packet independently and fast, while stateful firewalls track connections so replies are allowed without leaving inbound ports permanently open.

Check yourself


1. What does a stateful firewall track that a stateless one does not?

2. Why can stateless filtering widen the attack surface?