Figure 14-8 Stateless Firewall (Packet Filtering)
Stateful inspection firewalls: Packets are examined with other
packets in the flow. Such firewalls monitor the state of active
connections and use this information to determine which network
packets to allow. Stateful firewalls are advanced compared to stateless
packet filtering firewalls. They continuously keep track of the state of
the network and the active connections it has, such as TCP streams or
User Datagram Protocol (UDP) communication. The ability to
acknowledge and use the contents of incoming traffic and data packets
is one of the principal advantages of stateful firewalls, as it enables
these firewalls to tell the difference between legitimate and malicious
traffic or packets. This ultimately makes stateful firewalls one of the
most powerful security tools in modern policies that protect network
connections through the implementation of additional security
procedures for new or ongoing/active links. Figure 14-9 shows an
example of a stateful firewall that keeps track of the data from User1
and allows it to flow to the email and web server.