Difference between stateful and stateless firewalls:

Stateless firewall

1>A stateless firewall can only block or allow a packet.

2>It cannot see the traffic pattern of the packets.

3>Stateless firewalls watch network traffic and restrict or block packets based on source and destination addresses or other static values.

They’re not ‘aware’ of traffic patterns or data flows.

A stateless firewall uses simple rule-sets that do not account for the possibility that a packet might be received by the firewall ‘pretending’ to be something you asked for.

4>A stateless firewall filter, also known as an access control list (ACL), does not statefully inspect traffic.

Instead, it evaluates packet contents statically and does not keep track of the state of network connections.

Stateful firewall

1>Stateful firewalls can watch traffic streams from end to end.

2>They are aware of communication paths and can implement various IP Security (IPsec) functions such as tunnels and encryption.

3>In technical terms, this means that stateful firewalls can tell what stage a TCP connection is in (open, open sent, synchronized, synchronization acknowledge or established).

4>It can tell whether the MTU has changed, whether packets have been fragmented, etc.

Stateful firewall - A stateful firewall is aware of the connections that pass through it. It adds and maintains information about a user's connections in a state table, referred to as a connection table. It then uses this connection table to implement the security policies for users’ connections. Examples of stateful firewalls are PIX, ASA and Checkpoint.

Stateless firewalls - (Packet Filtering) Stateless firewalls, on the other hand, do not look at the state of connections but just at the packets themselves. An example of a packet filtering firewall is the Extended Access Control Lists on Cisco IOS Routers.
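
The difference between the two definitions above, as an added example that is not taken from any vendor's implementation: a static ACL-style check and a small connection table judge the same constructed packets. The addresses, the `10.0.0.` internal prefix, the port 443 rules and the simplified state names are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model: addresses, ports and TCP flags only.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0."  # assumed internal prefix for this example


def stateless_allow(pkt):
    """ACL-style check: each packet is judged alone, on static fields."""
    if pkt.src.startswith(INSIDE):
        return pkt.dport == 443  # outbound HTTPS
    # Typical "reply" rule: inbound TCP from port 443 with ACK set.
    return pkt.sport == 443 and "A" in pkt.flags


class StatefulFirewall:
    """Keeps a connection table and admits only replies to known flows."""

    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> state

    def allow(self, pkt):
        if pkt.src.startswith(INSIDE):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S" and pkt.dport == 443:
                self.table[key] = "SYN_SENT"  # new outbound connection
                return True
            return self.table.get(key) == "ESTABLISHED"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reverse direction
        state = self.table.get(key)
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.table[key] = "ESTABLISHED"
            return True
        return state == "ESTABLISHED" and "A" in pkt.flags and "S" not in pkt.flags


# Constructed traffic: one real handshake, then an unsolicited "reply".
SYN = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S")
SYN_ACK = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA")
ACK = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "A")
STRAY = Packet("198.51.100.7", 443, "10.0.0.9", 40000, "A")
TRAFFIC = (SYN, SYN_ACK, ACK, STRAY)


def compare(packets):
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]
```

`compare(TRAFFIC)` returns one `(stateless, stateful)` verdict per packet. Only the last packet, which belongs to no connection in the table, gets different verdicts: the static rule accepts it and the stateful check drops it.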
