What feature of a firewall distinguishes between incoming and outgoing connections?

Stateful inspection is a feature of a firewall that monitors the state of active connections and determines which packets are allowed through the firewall based on the context of the traffic. Unlike simple packet filtering, which makes decisions based only on predefined rules without keeping track of the state of connections, stateful inspection can differentiate between incoming and outgoing connections by maintaining a table of active sessions. This allows the firewall to ensure that packets belonging to a legitimate active connection are allowed through while unauthorized packets are blocked. This capability enhances network security by allowing for more sophisticated checks based on the state of the connection, making it easier to identify and manage legitimate traffic patterns.

In contrast, packet filtering only examines individual packets independently, while traffic shaping focuses on the regulation of network traffic flow to ensure quality of service. Protocol analysis involves inspecting the details of network protocols but doesn't necessarily manage connection states.