Dynamic Packet Filtering
Dynamic packet filtering is a firewall and routing capability that provides network packet filtering based not only on packet information in the current packet, but also on previous packets that have been sent. For example without dynamic packet filtering, a connection response may be allowed to go from the internet to the secure part of the network. Dynamic packet filtering would consider whether a connection was started from inside the secure part of the network and only allow a connection response from the internet if the packet appeared to be a response to the request.
Dynamic packet filtering filters packets based on:
- Administrator defined rules governing allowed ports and IP addresses at the network and transport layers of the OSI network model.
- Connection state which considers prior packets that have gone through the firewall.
- Packet contents including the application layer contents
Static packet filtering only filters packets based on administrator defined rules governing allowed ports and IP addresses at the network and transport layers of the OSI network model as mentioned in item 1 above. Therefore dynamic packet filtering also called stateful inspection provides additional capabilities including inspection of packet contents up to the application layer and consideration of the state of any connections.
Dynamic packet filtering provides a better level of security than static packet filtering since it takes a closer look at the contents of the packet and also considers previous connection states.