Stateful vs Stateless Firewalls
Stateful Firewalls:
Track connections: They remember the state of active connections and allow return traffic automatically.
Example: If inbound traffic is allowed, the response traffic (outbound) is automatically allowed, without needing a separate rule.
Used by: AWS Security Groups.
Stateless Firewalls:
No connection tracking: Each packet is evaluated independently against the rules, and responses need explicit permission.
Example: If inbound traffic is allowed, you also need to define outbound rules separately to allow response traffic.
Used by: AWS Network ACLs.
⚙️ Key Differences
| Feature | Stateful Firewalls | Stateless Firewalls |
| --- | --- | --- |
| Connection Tracking | Tracks connection state | Does not track connection state |
| Return Traffic | Automatically allows return traffic | Requires separate rules |
| Example | AWS Security Groups | AWS Network ACLs |
🧠 Quick Summary
Stateful = Automatic return traffic (think Security Groups).
Stateless = Requires explicit rules for both inbound and outbound (think Network ACLs).
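
An added example, not part of the original page: a simplified Python model of the two behaviours, run over one constructed request/response pair. The `Packet`, `Rule` and filter classes, the addresses and the ephemeral port range are assumptions made for illustration; this is not how AWS implements Security Groups or Network ACLs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected host
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    direction: str
    port_lo: int     # range matched against the packet's destination port
    port_hi: int

def rule_match(rules, pkt):
    return any(r.direction == pkt.direction and r.port_lo <= pkt.dport <= r.port_hi
               for r in rules)

class StatelessFilter:
    """Every packet is judged against the rules alone (Network ACL style)."""
    def __init__(self, rules):
        self.rules = rules
    def allow(self, pkt):
        return rule_match(self.rules, pkt)

class StatefulFilter:
    """Rules admit new flows; replies to tracked flows pass automatically."""
    def __init__(self, rules):
        self.rules = rules
        self.tracked = set()   # flows already admitted by a rule
    def allow(self, pkt):
        # A reply is a tracked flow with source and destination swapped.
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.tracked:
            return True
        if rule_match(self.rules, pkt):
            self.tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False

# Constructed sample traffic: a client request to a web server and its response.
REQUEST = Packet("in", "203.0.113.10", 51514, "10.0.1.5", 443)
RESPONSE = Packet("out", "10.0.1.5", 443, "203.0.113.10", 51514)
INBOUND_ONLY = [Rule("in", 443, 443)]
WITH_EPHEMERAL_OUT = INBOUND_ONLY + [Rule("out", 1024, 65535)]

def run(fw):
    """Return [request allowed?, response allowed?] for the sample flow."""
    return [fw.allow(REQUEST), fw.allow(RESPONSE)]
```

With only the inbound rule, the stateful filter passes both packets while the stateless filter drops the response until the outbound ephemeral-port rule is added. A stateful filter that has not seen the request still rejects the same outbound packet, because no tracked flow matches it.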

