Stateful vs Stateless Firewalls
Stateful Firewalls:
Track connections: They remember the state of active connections and allow return traffic automatically.
Example: If inbound traffic is allowed, the response traffic (outbound) is automatically allowed, without needing a separate rule.
Used by: AWS Security Groups.
Stateless Firewalls:
No connection tracking: Each request is treated independently, and responses need explicit permission.
Example: If inbound traffic is allowed, you also need to define outbound rules separately to allow response traffic.
Used by: AWS Network ACLs.

| Feature | Stateful | Stateless |
| --- | --- | --- |
| Connection Tracking | Tracks connection state | Does not track connection state |
| Return Traffic | Automatically allows return traffic | Requires separate rules |
| Example | AWS Security Groups | AWS Network ACLs |

Stateful = Automatic return traffic (think Security Groups).
Stateless = Requires explicit rules for both inbound and outbound (think Network ACLs).