What distinguishes stateful firewalls from stateless firewalls?

Stateful firewalls make decisions based on the state of the active connections, providing a more sophisticated level of security compared to stateless firewalls. This means that such firewalls are capable of tracking the state of active connections and can recognize packets that belong to established sessions. They maintain a state table that records details about each connection, such as source and destination IP addresses, ports, and the current state of the connection (like whether it is established, closed, or in the process of being set up). This allows them to make informed decisions on whether to allow or block traffic based on the context of the connections rather than just the static information contained in individual packet headers.

This ability to understand the relationship between packets in a session enhances the firewall’s ability to protect against unauthorized access and various types of attacks, such as session hijacking, as it can determine whether incoming packets are part of an established session or not. In contrast, stateless firewalls treat each packet in isolation and do not track connection states, which limits their ability to provide comprehensive security based on the context of network communications.