Firewalls are the gatekeepers of network traffic. Understanding the difference between stateless packet filtering and stateful inspection is critical for designing rules that actually stop sophisticated attacks.
Stateless firewalls evaluate each packet in isolation based on static headers (IP, Port, Protocol). They don't remember previous packets, making them fast but vulnerable to spoofing and fragmentation attacks.
💡 Pro-tip: Stateless ACLs are still useful on core routers for high-speed, infrastructure-level filtering (e.g., blocking RFC 1918 addresses from the internet edge).
```cisco
! Cisco IOS stateless ACL example
access-list 101 deny tcp any host 10.0.0.5 eq 23
access-list 101 permit ip any any
```

This ACL drops Telnet traffic to a specific host. It checks every packet against this list without tracking whether a connection was previously established.
Stateful firewalls maintain a state table of active connections. If an outbound SYN is allowed, the firewall automatically permits the inbound SYN-ACK without needing an explicit inbound rule.
⚠️ Stateful firewalls can be exhausted by SYN floods if the state table fills up. Always implement state-table limits and SYN proxy features on edge firewalls.
| Feature | Stateless | Stateful |
|---|---|---|
| Memory | Low (No table) | High (Tracks sessions) |
| Performance | Line-rate | Slight overhead |
| Context | Single packet | Entire connection |
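As an added illustration (not part of the original lab), a toy Python model of both filter types run over constructed packets: the stateless rule permits any inbound packet carrying the ACK bit (assumed here to stand in for the ACL "established" shortcut), while the stateful tracker only admits replies to flows it saw opened and refuses new connections once its state table is full. All addresses, ports and the `Packet`/`StatefulFirewall` names are constructed for the demo.

```python
from collections import namedtuple
# Constructed demo packet; flags is a string such as "S" (SYN), "SA" (SYN-ACK), "A" (ACK).
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE_PREFIX = "192.168.1."            # constructed inside network
PUBLISHED = {("192.168.1.80", 443)}     # constructed inside web server reachable from outside

def is_outbound(pkt):
    return pkt.src.startswith(INSIDE_PREFIX)

def stateless_allow(pkt):
    """Static header checks only, no memory: inbound is permitted to the published
    service or whenever the ACK bit is set, so a forged inbound ACK slips through."""
    if is_outbound(pkt):
        return True
    return (pkt.dst, pkt.dport) in PUBLISHED or "A" in pkt.flags

class StatefulFirewall:
    def __init__(self, max_states):
        self.max_states = max_states  # state-table limit (see the SYN-flood warning)
        self.table = {}               # initiator (src, sport, dst, dport) -> state

    def allow(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:         # more traffic from the initiator of a tracked flow
            if "A" in pkt.flags:
                self.table[fwd] = "ESTABLISHED"
            return True
        if rev in self.table:         # reply to a tracked flow, e.g. the SYN-ACK
            return True
        if pkt.flags != "S":          # no state and not a new SYN: drop (the forged ACK)
            return False
        if not (is_outbound(pkt) or (pkt.dst, pkt.dport) in PUBLISHED):
            return False              # new inbound SYN to an unpublished service
        if len(self.table) >= self.max_states:
            return False              # table full: even a legitimate SYN is refused
        self.table[fwd] = "SYN_SENT"
        return True

def run_demo():
    """Constructed traffic: one outbound session, one forged inbound ACK, then inbound SYNs to the published server until the table fills."""
    fw = StatefulFirewall(max_states=3)
    out_syn = Packet("192.168.1.10", 40000, "203.0.113.5", 443, "S")
    syn_ack = Packet("203.0.113.5", 443, "192.168.1.10", 40000, "SA")
    forged = Packet("198.51.100.7", 443, "192.168.1.10", 40001, "A")
    flood = [Packet(f"198.51.100.{i}", 1000 + i, "192.168.1.80", 443, "S") for i in range(2)]
    legit = Packet("203.0.113.9", 50000, "192.168.1.80", 443, "S")
    r = {"out_syn": fw.allow(out_syn), "syn_ack": fw.allow(syn_ack)}
    r["forged_stateless"], r["forged_stateful"] = stateless_allow(forged), fw.allow(forged)
    r["flood"] = [fw.allow(p) for p in flood]
    r["legit_after_flood"] = fw.allow(legit)
    return r
```

The `max_states` cap is what the warning above is about: once the flood fills the table, the legitimate SYN is refused along with the attack traffic.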