Stateful vs Stateless Firewalls

  • Stateful Firewalls:

    • Track connections: They remember the state of active connections and allow return traffic automatically.

    • Example: If inbound traffic is allowed, the response traffic (outbound) is automatically allowed, without needing a separate rule.

    • Used by: AWS Security Groups.

  • Stateless Firewalls:

    • No connection tracking: Each request is treated independently, and responses need explicit permission.

    • Example: If inbound traffic is allowed, you also need to define outbound rules separately to allow response traffic.

    • Used by: AWS Network ACLs.

⚙️ Key Differences

Feature
Stateful Firewalls
Stateless Firewalls

Connection Tracking

Tracks connection state

Does not track connection state

Return Traffic

Automatically allows return traffic

Requires separate rules

Example

AWS Security Groups

AWS Network ACLs

🧠 Quick Summary

  • Stateful = Automatic return traffic (think Security Groups).

  • Stateless = Requires explicit rules for both inbound and outbound (think Network ACLs).

Stateless Firewalls

Stateful Firewalls

Last updated