What defines a stateful firewall?

• A. Filters packets solely by IP address
• B. Inspects application payloads for all traffic
• C. Blocks all traffic by default
• D. Tracks connection state and allows packets that belong to established connections

Answer: (D)

Stateful filtering relies on tracking the flow of each conversation. The firewall keeps a table of active connections, noting who’s talking to whom, what protocol is used, and the progress of the handshake. When a packet arrives, it’s allowed if it belongs to an existing, valid connection or if it’s part of a permitted new connection that the firewall rules explicitly allow. This means return traffic from inside the network is allowed without opening broad access, because the firewall recognizes it as part of an established connection. In contrast, filtering only by IP address is stateless, because it doesn’t consider the connection’s context; inspecting application payloads focuses on content rather than connection state; and blocking everything by default is a policy stance, not the mechanism that defines a stateful firewall.