What is the difference between a stateful and stateless firewall?

• A. A stateful firewall tracks active connections, while a stateless firewall treats each packet in isolation
• B. A stateless firewall tracks active connections, while a stateful firewall treats each packet in isolation
• C. A stateful firewall inspects traffic only at the data-link layer
• D. They are identical in behavior

Answer: (A)

Tracking the state of active connections is what sets a stateful firewall apart. It builds and maintains a state table as a conversation progresses, making decisions based on both the packet header and the context of the established connection. For example, when your browser opens a TCP connection to a web server, the firewall notes the SYN and then allows the subsequent SYN-ACK and ACK as part of that same session, without needing a separate rule for every response. A stateless firewall, by contrast, inspects each packet in isolation and relies solely on the current packet’s headers and the static rule set, so return traffic would require explicit rules and the firewall cannot infer that inbound packets belong to an existing connection. This difference explains why stateful firewalls generally offer stronger protection for legitimate traffic flows while still consuming more resources. The other statements aren’t accurate: stateful firewalls aren’t limited to the data-link layer, they aren’t identical in behavior, and a stateless firewall does not track active connections.