Filtering Technologies
Stateful filtering

Stateful packet filtering maintains complete session state information for each connection. Each time a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established, whether inbound or outbound, the information is logged in a stateful session flow table.

The stateful session flow table contains the source and destination addresses, port numbers, TCP sequencing information, and additional flags for each TCP or UDP connection associated with that particular session. This information creates a connection object and, consequently, all inbound and outbound packets are compared against session flows in the stateful session flow table. Data is permitted through the firewall only if an appropriate connection exists to validate its passage.

This method is effective because of the following:

  • It works on packets and connections.
  • It operates at a higher performance level than packet filtering or using a proxy server.
  • It records data in a table for every connection or connectionless transaction. This table serves as a reference point to determine if packets belong to an existing connection or are from an unauthorized source.
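
The following Python sketch is an added example, not part of the original text. It models the session flow table described above. The class and field names, the 30-second UDP idle timeout, the policy that only inside hosts may open sessions, and the exact-match sequence check (real firewalls validate against a window) are all assumptions made for illustration.

```python
from dataclasses import dataclass

UDP_IDLE = 30.0  # assumed idle timeout (seconds) for UDP pseudo-sessions

@dataclass
class Flow:
    state: str              # "SYN_SENT" / "ESTABLISHED" for TCP, "UDP" for UDP
    last_seen: float
    peer_next_seq: int = 0  # next sequence number expected from the outside peer

class StatefulFilter:
    def __init__(self):
        self.table = {}     # (proto, in_ip, in_port, out_ip, out_port) -> Flow

    def outbound(self, proto, src, sport, dst, dport, flags="", now=0.0):
        key = (proto, src, sport, dst, dport)
        flow = self.table.get(key)
        if proto == "udp":
            self.table[key] = Flow("UDP", now)      # create or refresh the entry
            return True
        if flow is None:
            if flags != "S":                        # a new TCP flow must open with SYN
                return False
            self.table[key] = Flow("SYN_SENT", now)
            return True
        flow.last_seen = now
        if "F" in flags or "R" in flags:
            del self.table[key]                     # simplified teardown
        return True

    def inbound(self, proto, src, sport, dst, dport, flags="", seq=0, length=0, now=0.0):
        key = (proto, dst, dport, src, sport)       # reverse of the outbound tuple
        flow = self.table.get(key)
        if flow is None or (proto == "udp" and now - flow.last_seen > UDP_IDLE):
            self.table.pop(key, None)               # expire a stale UDP entry, if any
            return False                            # no live session: drop
        if flow.state == "SYN_SENT":
            if flags != "SA":
                return False                        # only SYN+ACK may answer our SYN
            flow.state, flow.peer_next_seq = "ESTABLISHED", seq + 1
        elif flow.state == "ESTABLISHED":
            if "S" in flags or seq != flow.peer_next_seq:
                return False                        # stray SYN or out-of-sequence data
            flow.peer_next_seq += length
        flow.last_seen = now
        if "F" in flags or "R" in flags:
            del self.table[key]                     # simplified teardown
        return True
```

An inbound packet is accepted only when its reversed 5-tuple matches a live entry and, for TCP, its flags and sequence number fit the recorded state. Everything else is treated as coming from an unauthorized source and dropped.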