I'm a little confused and need your help. In a stateful firewall, in which state is created, when a packet comes from a lower interface to a higher interface it first checks the state: if the connection is there the packet is allowed, if not the packet is denied.
In a stateless firewall no connection table is created.
Then what allows a packet from a lower interface to reach a higher interface in a stateless firewall?
"Packet-filtering (stateless) firewalls validate packets based on protocol, source and/or destination IP addresses, source and/or destination port numbers, time range, Differentiated Services Code Point (DSCP), type of service (ToS), and various other parameters within the IP header. Packet filtering is generally accomplished using Access Control Lists (ACL) on routers or switches and are normally very fast, especially when performed in an Application Specific Integrated Circuit (ASIC). As traffic enters or exits an interface, ACLs are used to match selected criteria and either permit or deny individual packets."
With a stateless firewall it is purely down to the access-list applied to the incoming interface, although to call it a firewall is stretching the point somewhat.
The important thing to remember is that if the device is stateless each individual packet is treated in isolation, i.e. it is not seen as part of a connection, it is simply seen as an individual packet with a src/dst IP, src/dst port etc. and it is checked in isolation against the ACL.
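The difference discussed in this thread, as an added example that is not from the posters: a stateless ACL check that judges each packet in isolation, next to a simplified connection table. The addresses, rule sets and class names are constructed for illustration, and the stateful model is an assumption that tracks only 5-tuples.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str
    src_net: str
    sport: Optional[int]   # None means any port
    dst_net: str
    dport: Optional[int]

    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def stateless_check(acl, pkt):
    """First matching rule wins, implicit deny at the end; nothing is remembered."""
    return next((r.action for r in acl if r.matches(pkt)), "deny")

class StatefulFilter:
    """Simplified: tracks 5-tuples only, not TCP flags or sequence numbers."""
    def __init__(self, outbound_acl):
        self.outbound_acl, self.conns = outbound_acl, set()

    def outbound(self, p):
        action = stateless_check(self.outbound_acl, p)
        if action == "permit":
            self.conns.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action

    def inbound(self, p):  # permit only the mirror image of a recorded connection
        mirrored = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "permit" if mirrored in self.conns else "deny"

# Constructed sample data: inside net 10.0.0.0/24, outside web server 203.0.113.10.
INSIDE_OUT = [Rule("permit", "tcp", "10.0.0.0/24", None, "0.0.0.0/0", 80)]
OUTSIDE_IN = [Rule("permit", "tcp", "0.0.0.0/0", 80, "10.0.0.0/24", None)]
REQUEST = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 80)
REPLY = Packet("tcp", "203.0.113.10", 80, "10.0.0.5", 51000)
```

With the stateless ACL the reply is permitted purely because it matches the rule on the incoming interface, whether or not the inside host ever sent the request. The connection table permits the same packet only after the matching outbound request has been seen.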