stateful filtering. Stateful filters evolved from packet-filter routers but do not filter by packets.
Rather, they work at Layer 4 of the OSI model and are based on connections from endpoint to
endpoint. They can extract connection data from packets that go through the stateful filter
firewall and remember which connections are open and are still going through the device. PIX
firewalls do not have routing tables because they do not route IP packets. Rather, PIX firewalls
use state tables to grant a packet access to networks through the PIX firewall.
to a certain connection (see Figure 15-9) and not allow potential hostile packets into the
network from nonexistent connections. Stateful filtering can place an extensive amount of
information about a data packet into the table and use that information to grant the following
packets access to either the inside, outside, or DMZ networks.