Stateless Firewall

Also known as: Packet-filtering firewall, ACL-based firewall

Definition

A firewall that evaluates each packet independently against static rules, without tracking the state of connections.

A stateless firewall inspects each packet in isolation, applying rules based on header fields such as source/destination IP, port, and protocol, but it does not maintain any record of past flows or connection state. This makes it extremely fast and memory-efficient — well suited to high-throughput environments like ISP edges, ACLs on routers and switches, or AWS Network ACLs — but it forces administrators to write explicit rules for both directions of every flow. Stateless filters are vulnerable to spoofing, fragmentation tricks, and traffic that exploits the lack of session context. Modern designs typically combine stateless ACLs at the network edge with stateful firewalls deeper in the architecture.

Examples

  • An AWS Network ACL blocking inbound traffic on port 22 from 0.0.0.0/0.
  • A router ACL permitting only TCP/443 between two subnets in both directions explicitly.
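The router ACL in the second example, modeled as an added illustration (not code from the original glossary entry): each packet is checked on its header fields alone, so the reply is dropped until a reverse-direction rule exists, and that reverse rule then admits any header-matching packet whether or not a request preceded it. The subnets are documentation ranges, and the `Packet`, `Rule` and `evaluate` names and the first-match, implicit-deny ordering are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    proto: str
    src_net: str
    dst_net: str
    sport: range     # allowed source ports
    dport: range     # allowed destination ports

def matches(rule: Rule, pkt: Packet) -> bool:
    # Header fields only: no lookup of earlier packets or connection state.
    return (rule.proto == pkt.proto
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
            and pkt.sport in rule.sport
            and pkt.dport in rule.dport)

def evaluate(acl: list, pkt: Packet) -> str:
    """Assumed semantics: first matching rule wins, implicit deny at the end."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed sample data (RFC 5737 documentation subnets).
CLIENTS, SERVERS = "192.0.2.0/24", "198.51.100.0/24"
HTTPS, EPHEMERAL = range(443, 444), range(1024, 65536)

ONE_WAY = [Rule("permit", "tcp", CLIENTS, SERVERS, EPHEMERAL, HTTPS)]
BOTH_WAYS = ONE_WAY + [Rule("permit", "tcp", SERVERS, CLIENTS, HTTPS, EPHEMERAL)]

request = Packet("192.0.2.10", "198.51.100.5", "tcp", 51000, 443)
reply = Packet("198.51.100.5", "192.0.2.10", "tcp", 443, 51000)
# Same header shape as a reply, but no client ever sent a matching request.
unsolicited = Packet("198.51.100.5", "192.0.2.77", "tcp", 443, 40000)

if __name__ == "__main__":
    for name, pkt in [("request", request), ("reply", reply), ("unsolicited", unsolicited)]:
        print(f"{name:12} one-way={evaluate(ONE_WAY, pkt)} both-ways={evaluate(BOTH_WAYS, pkt)}")
```

The `unsolicited` result is the gap a stateful firewall deeper in the architecture closes, since it would find no tracked connection for that packet.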
