Link to home
Start Free TrialLog in
Avatar of pawanopensource
pawanopensource

asked on

What is statefull and stateless packet filtering

What is statefull and stateless packet filtering
ASKER CERTIFIED SOLUTION
Avatar of Robert Sutton Jr
Robert Sutton Jr
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of pawanopensource
pawanopensource

ASKER

what i understand by experts replies

stateless filtering looks the rule source destination,port n protocol if rules matches it will allow n if rule dosent matches it will drop.


can some explain statefull filtering more clearly.sorry for asking again.
Stateless filtering look at a packet's header (and even contents), make a decision whether to forward or drop, and then forget about the packet.  If another packet comes along that is part of the same data flow flow (a follow-ip or or reply to the first packet), a stateless device will not treat the new packet any different than any other packet it might receive.

In contrast, stateful filtering also investigates a packet's header and contents, makes a decision to forward or drop (same as stateless filtering), but keeps record of the packet, so future decisions can be made based on earlier packets.  So the rules in stateful filtering are built not only through specifying the information contained in the packet (Source and destination IP & port), but also the information it collected from previous packets (the state of the data connection).

So stateful filters look at every individual packet, but not in isolation, but in context of the expected data flows.  For example, when looking at standard TCP connectivity, stateful filtering will require that a TCP connection is established first (through the TCP-handshake algorithm) before data can be transmitted - If a data packet arives before a connection is established or after it is terminated, the packet is dropped, but if the same packet arrives after the connection has been established, it is permitted.

With stateless filtering, the filtering device cannot make a determination if a connection has been established, and will permit traffic only based on the rules regarding source and destination IP and ports it has been configured with.