Enterprise Cloud Security and Governance

Stateless packet inspection

I assume that by now you have an idea of what stateless inspection means. In this approach, connection state is not tracked; every packet is evaluated as an individual packet.

Looking at the example of the previous diagram and firewall rule, if it were a stateless firewall, the packets from the destination update server would be blocked at the firewall level, because no rule in the firewall rule list explicitly allows the update server's IP.

If you are wondering whether stateless firewalls are actually used, the answer is YES, in lots of places.

AWS provides stateful firewall functionality in the form of security groups and stateless firewall functionality in the form of network ACLs (NACLs). Both are powerful and useful in their own use cases.
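The update-server scenario described above, as an added example that is not from the book: a small Python model of the same rule list evaluated by a stateless and a stateful filter. The addresses, ports, rule format and class names are constructed assumptions, since the earlier diagram and rule are not reproduced here.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample values (documentation address ranges), not from the book.
HOST = "10.0.0.5"                # internal server behind the firewall
UPDATE_SERVER = "203.0.113.10"   # external update server
# Rules: (direction, remote IP or "any", remote port or None for any port).
RULES = [("out", "any", 443)]    # outbound HTTPS only; no inbound rule at all


def rule_allows(direction, pkt, rules):
    """Match one packet against the explicit rule list and nothing else."""
    remote = (pkt.dst, pkt.dport) if direction == "out" else (pkt.src, pkt.sport)
    return any(d == direction and ip in ("any", remote[0])
               and port in (None, remote[1])
               for d, ip, port in rules)


class StatelessFirewall:
    """Judges every packet on its own; keeps no memory of earlier packets."""
    def __init__(self, rules):
        self.rules = rules

    def check(self, direction, pkt):
        return rule_allows(direction, pkt, self.rules)


class StatefulFirewall(StatelessFirewall):
    """Remembers allowed outbound flows and admits the matching replies."""
    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()

    def check(self, direction, pkt):
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if direction == "in" and reverse in self.connections:
            return True  # reply to a flow this firewall already allowed out
        allowed = rule_allows(direction, pkt, self.rules)
        if allowed and direction == "out":
            self.connections.add(tuple(pkt))
        return allowed


def simulate(firewall):
    """Send a request to the update server, then its reply; return both verdicts."""
    request = Packet(HOST, 50000, UPDATE_SERVER, 443)
    reply = Packet(UPDATE_SERVER, 443, HOST, 50000)
    return firewall.check("out", request), firewall.check("in", reply)
```

With the stateless filter the reply only passes once an explicit inbound rule for the update server is added, which is why NACL rule sets need entries for return traffic while security groups do not.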