Avatar of pawanopensource
pawanopensource
 asked on

What is statefull and stateless packet filtering

What is statefull and stateless packet filtering
Network SecurityRoutersSwitches / Hubs

Avatar of undefined
Last Comment
Otto_N

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Robert Sutton Jr

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Otto_N

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
pawanopensource

ASKER
what i understand by experts replies

stateless filtering looks the rule source destination,port n protocol if rules matches it will allow n if rule dosent matches it will drop.


can some explain statefull filtering more clearly.sorry for asking again.
Otto_N

Stateless filtering look at a packet's header (and even contents), make a decision whether to forward or drop, and then forget about the packet.  If another packet comes along that is part of the same data flow flow (a follow-ip or or reply to the first packet), a stateless device will not treat the new packet any different than any other packet it might receive.

In contrast, stateful filtering also investigates a packet's header and contents, makes a decision to forward or drop (same as stateless filtering), but keeps record of the packet, so future decisions can be made based on earlier packets.  So the rules in stateful filtering are built not only through specifying the information contained in the packet (Source and destination IP & port), but also the information it collected from previous packets (the state of the data connection).

So stateful filters look at every individual packet, but not in isolation, but in context of the expected data flows.  For example, when looking at standard TCP connectivity, stateful filtering will require that a TCP connection is established first (through the TCP-handshake algorithm) before data can be transmitted - If a data packet arives before a connection is established or after it is terminated, the packet is dropped, but if the same packet arrives after the connection has been established, it is permitted.

With stateless filtering, the filtering device cannot make a determination if a connection has been established, and will permit traffic only based on the rules regarding source and destination IP and ports it has been configured with.
Your help has saved me hundreds of hours of internet surfing.
fblack61