What does a stateful firewall do differently than a stateless firewall?

A stateful firewall operates by monitoring and keeping track of the state of active connections and understanding the context of network traffic. This capability enables the firewall to make more informed decisions about which packets to allow or block. By treating packets as a "team" that belongs to a particular connection, the stateful firewall can recognize established sessions and the expected sequence of packets. For example, if a request is made from an internal network to an external server, the firewall will be aware of this active connection and can thus allow the response packets back in, ensuring a smoother and more secure communication.

This is in contrast to a stateless firewall, which evaluates each packet in isolation without context about the connection state. The stateless model relies on predefined rules and does not know whether a packet is part of an established session, leading to less sophisticated filtering capabilities. Therefore, the ability of stateful firewalls to track connections adds a significant layer of security and performance when managing network traffic.