What does a stateful inspection firewall do that a stateless packet filtering firewall does not?

A stateful inspection firewall tracks the state of connections, which is a fundamental capability that distinguishes it from a stateless packet filtering firewall. This means that the stateful firewall maintains a record of active connections and monitors the state of these connections, allowing it to make more informed decisions regarding the passage of packets. It can analyze the context of incoming packets in relation to the established connections, such as whether a packet is part of an existing session or if it is an unsolicited request.

By maintaining the state of connections, a stateful firewall can effectively filter packets based not only on predetermined rules but also on the current state of network traffic. This enables it to provide enhanced security measures, such as detecting abnormal behavior associated with connected sessions that a stateless firewall, which does not track connection states, would not be able to identify. Thus, the capability to track connection states is vital for providing a more robust security posture in network environments.