AWS Certified Advanced Networking:Specialty Exam Guide

Controlling port-based traffic

The primary approach to implementing network security is to control the ports on which traffic is received. There are two types of firewalls that provide port-based traffic control:

  • Stateless firewalls: All rules are unidirectional and no state is maintained. A stateless firewall requires us to specify both the incoming ports and the outgoing ports the application will communicate on. This was simple in the early days of the internet, with services such as DNS using port 53 and active FTP using port 21. But modern applications mostly use ephemeral ports for the return response, so stateless firewalls are hard to control: the rule for return traffic must open a wide range of ports rather than a single known one.
  • Stateful firewalls: All rules are bidirectional. A stateful firewall maintains the state of incoming versus return traffic and automatically allows a return on any port that matches a request already allowed in the session information. So, essentially, if we allow port 443 for SSL, the firewall will automatically allow a response on any ephemeral port the operating system supports.
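The difference between the two models can be made concrete by evaluating the same packet trace under each. The following is an added example, not code from the book or from any AWS service; it simulates the two evaluation models over a constructed four-packet trace. The ephemeral port range (32768 to 60999, the Linux default for `net.ipv4.ip_local_port_range`) is an assumption used for illustration, and the stateful model is deliberately simplified to port-pair tracking without TCP flag inspection.

```python
"""Stateless vs stateful port filtering over a constructed packet trace.
Added example; not part of the original text."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving at the host, "out" = leaving it
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str   # a rule matches one direction only
    low: int         # inclusive destination-port range
    high: int

    def matches(self, pkt: Packet) -> bool:
        return self.direction == pkt.direction and self.low <= pkt.dst_port <= self.high


# Assumed ephemeral range (Linux default net.ipv4.ip_local_port_range).
EPHEMERAL_LOW, EPHEMERAL_HIGH = 32768, 60999


def stateless_allows(rules, pkt):
    """Stateless: each packet is judged alone; no memory of earlier packets.
    Anything no rule permits is implicitly denied."""
    return any(r.matches(pkt) for r in rules)


class StatefulFirewall:
    """Stateful: a packet that opens an allowed session is remembered, and the
    reply flow in the opposite direction is admitted on whatever port it uses."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (direction, src_port, dst_port) of allowed openers

    def allows(self, pkt):
        # The reply to a tracked session swaps direction and port pair.
        opposite = "in" if pkt.direction == "out" else "out"
        if (opposite, pkt.dst_port, pkt.src_port) in self.sessions:
            return True
        if stateless_allows(self.rules, pkt):
            self.sessions.add((pkt.direction, pkt.src_port, pkt.dst_port))
            return True
        return False


# Constructed trace: one legitimate HTTPS exchange plus two packets that should fail.
TRACE = [
    Packet("in", 51234, 443),    # client opens HTTPS to our server
    Packet("out", 443, 51234),   # server's reply to the client's ephemeral port
    Packet("out", 9999, 51234),  # unsolicited outbound packet, no matching session
    Packet("in", 44444, 22),     # inbound SSH attempt that no rule permits
]


def run_demo():
    """Return the allow/deny verdict for each packet under three rule sets."""
    stateless_no_return = [Rule("in", 443, 443)]
    stateless_with_return = [Rule("in", 443, 443),
                             Rule("out", EPHEMERAL_LOW, EPHEMERAL_HIGH)]
    stateful = StatefulFirewall([Rule("in", 443, 443)])
    return {
        "stateless_no_return": [stateless_allows(stateless_no_return, p) for p in TRACE],
        "stateless_with_return": [stateless_allows(stateless_with_return, p) for p in TRACE],
        "stateful": [stateful.allows(p) for p in TRACE],
    }


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(f"{name:24s}", verdicts)
```

With only the inbound port 443 rule, the stateless firewall drops the server's own reply, so the whole session fails. Adding the outbound ephemeral-range rule fixes that, but it also admits the unsolicited outbound packet, because a stateless rule cannot tell a reply from a new flow. The stateful firewall allows the reply from its session table and still denies the unsolicited packet, using a single rule.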