Stateful Firewall
What is Stateful Firewall?
Stateful Firewall: A firewall that tracks the state of active connections in a connection table and allows return traffic that matches an established session.
A stateful firewall maintains a connection table that records each flow's 5-tuple (source IP, destination IP, source port, destination port, protocol) along with TCP flags or UDP/ICMP pseudo-state. Once a session is allowed outbound, return packets that match the entry are admitted automatically without needing an explicit inverse rule. This greatly simplifies rulebases and stops many spoofed packets that would slip past stateless filters, but it adds memory and CPU cost and can be exhausted by SYN-flood or session-table attacks. Stateful inspection is the baseline of every modern enterprise firewall and forms the foundation for NGFW features such as application identification.
● Examples
- 01: A Linux iptables ruleset using conntrack to permit ESTABLISHED,RELATED return traffic.
- 02: A Cisco ASA tracking outbound HTTP flows so responses are allowed back automatically.
● Frequently asked questions
What is Stateful Firewall?
A firewall that tracks the state of active connections in a connection table and allows return traffic that matches an established session. It belongs to the Network Security category of cybersecurity.
What does Stateful Firewall mean?
A firewall that tracks the state of active connections in a connection table and allows return traffic that matches an established session.
How do you defend against Stateful Firewall?
Defences for Stateful Firewall typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Stateful Firewall?
Common alternative names include: Stateful inspection firewall.