Stateful packet filtering maintains complete session state information for each connection. Each time a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established, whether inbound or outbound, the information is logged in a stateful session flow table.
The stateful session flow table contains the source and destination addresses, port numbers, TCP sequencing information, and additional flags for each TCP or UDP connection associated with that particular session. This information creates a connection object and, consequently, all inbound and outbound packets are compared against session flows in the stateful session flow table. Data is permitted through the firewall only if an appropriate connection exists to validate its passage.
This method is effective for the following reasons:
- It evaluates each packet in the context of the connection it belongs to, not in isolation, so a packet that is individually well-formed is still dropped if no session accounts for it.
- Once the first packet of a connection has been checked against the rule set, later packets in that session need only a flow table lookup, so it performs better than a proxy server and, for established sessions, than evaluating every packet against the full rule set.
- It records an entry in the table for every connection and, for UDP, for every connectionless transaction (a pseudo-connection that is aged out after an idle timeout). This table serves as the reference point for deciding whether a packet belongs to an existing connection or comes from an unauthorized source.
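The following is an added illustration of the flow table described above; it is example code written for this page, not code from the original text or from any firewall product. It assumes a simplified model: packets are plain dicts, every host in the constructed 10.0.0.0/24 network is "inside", and the policy is "permit sessions initiated from inside, permit anything else only if it matches a connection object already in the table". The TCP handshake tracking and sequence-window check are deliberately minimal, and the UDP idle timeout value is an arbitrary assumption.

```python
"""Toy stateful packet filter built around a session flow table (added example)."""

INSIDE_PREFIX = "10.0.0."     # constructed: the protected network
UDP_IDLE_TIMEOUT = 30.0       # assumed: seconds before a UDP pseudo-connection ages out
TCP_SEQ_WINDOW = 65535        # tolerated distance ahead of the expected sequence number
SEQ_MOD = 1 << 32


def pkt(proto, src, sport, dst, dport, t, flags=(), seq=0, ack=0, length=0):
    """Build a constructed packet record; flags is any iterable of TCP flag names."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "t": t, "flags": frozenset(flags), "seq": seq, "ack": ack, "len": length}


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def flow_key(p):
    """The 5-tuple exactly as carried in the packet."""
    return (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])


def reverse_key(p):
    """The 5-tuple of the return direction, so replies match the same entry."""
    return (p["proto"], p["dst"], p["dport"], p["src"], p["sport"])


def seq_in_window(seq, expected):
    """seq equals, or lies at most TCP_SEQ_WINDOW ahead of, expected (mod 2^32).
    Retransmissions (seq behind expected) are rejected here: a simplification."""
    return (seq - expected) % SEQ_MOD <= TCP_SEQ_WINDOW


class StatefulFilter:
    def __init__(self):
        self.table = {}  # flow key -> connection object: the session flow table

    def process(self, p):
        """Return (verdict, reason) for one packet, updating the table as a side effect."""
        key, rkey = flow_key(p), reverse_key(p)
        if key in self.table:
            direction, flow = "out", self.table[key]               # initiator -> responder
        elif rkey in self.table:
            direction, flow, key = "in", self.table[rkey], rkey    # responder -> initiator
        else:
            return self._open_flow(p, key)
        # Idle UDP pseudo-connections age out, so a late "reply" no longer matches.
        if p["proto"] == "udp" and p["t"] - flow["last_seen"] > UDP_IDLE_TIMEOUT:
            del self.table[key]
            return self._open_flow(p, flow_key(p))
        if p["proto"] == "tcp":
            ok, why = self._track_tcp(flow, p, direction)
            if not ok:
                return ("DROP", why)
            if flow["state"] == "CLOSED":
                del self.table[key]
        flow["last_seen"] = p["t"]
        return ("PERMIT", f"matches existing {p['proto']} session, {direction}bound")

    def _open_flow(self, p, key):
        """Only inside hosts may create a connection object; TCP needs a bare SYN."""
        if not (is_inside(p["src"]) and not is_inside(p["dst"])):
            return ("DROP", "no matching session and not initiated from inside")
        if p["proto"] == "tcp" and p["flags"] != {"SYN"}:
            return ("DROP", "tcp packet without a session is not a SYN")
        self.table[key] = {
            "state": "SYN_SENT" if p["proto"] == "tcp" else "ACTIVE",
            "next_seq": {"out": (p["seq"] + 1) % SEQ_MOD, "in": None},  # TCP only
            "last_seen": p["t"],
        }
        return ("PERMIT", f"new {p['proto']} session recorded")

    def _track_tcp(self, flow, p, direction):
        """Advance a minimal TCP state machine and enforce the sequence window."""
        flags, state = p["flags"], flow["state"]
        if "RST" in flags:
            flow["state"] = "CLOSED"
            return (True, "reset tears down session")
        if state == "SYN_SENT":
            # Only the responder's SYN/ACK acknowledging our ISN+1 may advance the state.
            if direction == "in" and flags == {"SYN", "ACK"} and p["ack"] == flow["next_seq"]["out"]:
                flow["next_seq"]["in"] = (p["seq"] + 1) % SEQ_MOD
                flow["state"] = "SYN_RECEIVED"
                return (True, "syn/ack accepted")
            return (False, f"unexpected packet in state {state}")
        if state == "SYN_RECEIVED":
            if not (direction == "out" and "ACK" in flags and p["ack"] == flow["next_seq"]["in"]):
                return (False, f"unexpected packet in state {state}")
            flow["state"] = "ESTABLISHED"
        expected = flow["next_seq"][direction]
        if not seq_in_window(p["seq"], expected):
            return (False, f"seq {p['seq']} outside window from {expected}")
        fin = 1 if "FIN" in flags else 0
        flow["next_seq"][direction] = (p["seq"] + p["len"] + fin) % SEQ_MOD
        if fin:  # first FIN half-closes, second FIN closes (no TIME_WAIT modelled)
            flow["state"] = "CLOSED" if flow["state"] == "CLOSING" else "CLOSING"
        return (True, "in sequence")


def run(packets):
    """Feed a packet list through one filter instance and return the verdicts."""
    f = StatefulFilter()
    return [f.process(p)[0] for p in packets]


IN, WEB, DNS, ATTACKER = "10.0.0.5", "203.0.113.10", "203.0.113.53", "198.51.100.7"
SAMPLE_TRACE = [  # constructed trace: an HTTPS handshake, a DNS exchange, and hostile packets
    pkt("tcp", IN, 51000, WEB, 443, t=0.0, flags={"SYN"}, seq=1000),
    pkt("tcp", WEB, 443, IN, 51000, t=0.1, flags={"SYN", "ACK"}, seq=5000, ack=1001),
    pkt("tcp", IN, 51000, WEB, 443, t=0.2, flags={"ACK"}, seq=1001, ack=5001),
    pkt("tcp", IN, 51000, WEB, 443, t=0.3, flags={"ACK"}, seq=1001, ack=5001, length=100),
    pkt("tcp", WEB, 443, IN, 51000, t=0.4, flags={"ACK"}, seq=5001, ack=1101, length=200),
    pkt("tcp", WEB, 443, IN, 51000, t=0.5, flags={"ACK"}, seq=999999, ack=1101, length=10),
    pkt("tcp", ATTACKER, 4444, IN, 22, t=1.0, flags={"SYN"}, seq=7),
    pkt("tcp", "203.0.113.99", 443, IN, 51000, t=1.1, flags={"ACK"}, seq=1, ack=1),
    pkt("udp", IN, 40000, DNS, 53, t=10.0, length=40),
    pkt("udp", DNS, 53, IN, 40000, t=10.2, length=120),
    pkt("udp", DNS, 53, IN, 40000, t=50.0, length=120),
]

if __name__ == "__main__":
    f = StatefulFilter()
    for p in SAMPLE_TRACE:
        print(f.process(p), p["proto"], p["src"], "->", p["dst"])
```

Running the trace shows the behaviour the text describes: the three handshake packets and the two in-sequence data segments are permitted, the inbound segment with a sequence number far outside the tracked window is dropped even though its 5-tuple matches, the unsolicited SYN to port 22 and the packet from a different peer on a known port are dropped because no connection object validates them, the DNS reply is permitted only while its pseudo-connection is still in the table, and the same reply arriving after the idle timeout is dropped. Because each entry is per connection, the timeouts and the handshake checks are what keep the table from being filled or reused by traffic that never completed a legitimate session.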