how stateful firewall works for udp?

Blake Hudson blake at
Fri Jan 21 13:40:33 CST 2011

These protocols have their own headers, as well as the IP header that
the firewall can use to maintain state. The difference between them and
TCP is that these protocols are connectionless. Thus, the firewall does
not know when the connection has closed. The typical solution to this is
to have an arbitrary (often user configurable) timer that allows the
firewall to remove old connections from the firewall's state table. A
similar process also occurs with TCP, albeit with a much longer timeout,
because of the possibility of connections not being closed correctly.


-------- Original Message  --------
Subject: how stateful firewall works for udp?
From: Tarig Ahmed <tariq198487 at>
To: nanog at list <nanog at>, African Network Operators
<afnog at>
Date: Friday, January 21, 2011 12:39:51 PM
> Dear All
> Hi
> Default configuration for stateful firewall is to allow traffic from
> As I know, those devices will use some fields in the TCP header.
> But, how will the firewall handle this policy for non-TCP traffic
> (udp, icmp, and IPsec)?
> I think understanding this will help me in the design.
> Thanks
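
The timer-based state tracking described in the reply above, sketched as an added example (not part of the original thread and not any firewall's own code). The timeout values, the addresses and the names `StateTable`, `flow_key` and `demo` are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed idle timeouts in seconds (illustrative; usually user configurable).
IDLE_TIMEOUT = {"udp": 30, "tcp": 3600}

def flow_key(proto, src, sport, dst, dport):
    """Direction-independent key built from IP and transport header fields."""
    return (proto,) + tuple(sorted([(src, sport), (dst, dport)]))

@dataclass
class StateTable:
    inside: set                                 # hosts on the trusted side (hypothetical)
    flows: dict = field(default_factory=dict)   # flow key -> time last packet was seen

    def expire(self, now):
        # Nothing in UDP signals "closed", so the idle timer is the only cleanup.
        stale = [k for k, seen in self.flows.items()
                 if now - seen > IDLE_TIMEOUT[k[0]]]
        for key in stale:
            del self.flows[key]

    def allow(self, now, proto, src, sport, dst, dport):
        self.expire(now)
        key = flow_key(proto, src, sport, dst, dport)
        if key in self.flows:        # packet belongs to a tracked flow
            self.flows[key] = now    # any matching packet refreshes the timer
            return True
        if src in self.inside:       # first packet from inside creates state
            self.flows[key] = now
            return True
        return False                 # unsolicited packet from outside

def demo(proto="udp"):
    # Constructed sample traffic: an inside client and an outside server.
    fw = StateTable(inside={"10.0.0.5"})
    c, s = ("10.0.0.5", 40000), ("192.0.2.53", 53)
    return [
        fw.allow(0, proto, *s, *c),    # inbound with no state
        fw.allow(1, proto, *c, *s),    # outbound packet creates the entry
        fw.allow(2, proto, *s, *c),    # reply matches the entry
        fw.allow(40, proto, *s, *c),   # 38 s idle: past the UDP timer only
    ]

if __name__ == "__main__":
    print(demo("udp"), demo("tcp"))
```
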
