Stateful Firewall Model

To determine whether a packet should be accepted or discarded, traditional firewalls (i.e., stateless firewalls) examine only the packet itself. In contrast, newer stateful firewalls examine not only the packet but also the state of the firewall. Stateful firewalls can achieve finer access control by tracking the communication state between a private network and the outside Internet. Unfortunately, the state-tracking functionality in current stateful firewall products is often hard coded, and different vendors hard code different state-tracking functionality. So far, there is no model for specifying stateful firewalls. Consequently, not only are firewall administrators unable to fully control the function of their firewalls, but it is also difficult to design and analyze stateful firewalls.
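The difference between the two decision procedures described above, as an added example that is not part of the original page and not the model the page goes on to propose. The private range, the addresses, and the stateless "source port 80" rule are assumptions chosen for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed packet representation: only the fields the rules look at.
Packet = namedtuple("Packet", "src sport dst dport")
PRIVATE = ip_network("192.168.0.0/16")  # assumed private network


def is_outbound(p):
    """A packet is outbound if it originates inside the private network."""
    return ip_address(p.src) in PRIVATE


def stateless_accept(p):
    """Stateless decision: a function of the packet alone.

    Inbound web replies can only be recognised by a packet field,
    here the source port, so any inbound packet with sport 80 passes.
    """
    return is_outbound(p) or p.sport == 80


class StatefulFirewall:
    """Stateful decision: a function of the packet AND the firewall state."""

    def __init__(self):
        self.state = set()  # connections initiated from the private network

    def accept(self, p):
        if is_outbound(p):
            # Track the connection so the matching reply can be recognised.
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: accept only the reverse of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.state


def demo():
    """Return (stateless, stateful) decisions for three constructed packets."""
    fw = StatefulFirewall()
    packets = [
        Packet("192.168.1.10", 40000, "203.0.113.5", 80),   # outbound request
        Packet("203.0.113.5", 80, "192.168.1.10", 40000),   # its reply
        Packet("198.51.100.7", 80, "192.168.1.20", 22),     # matches no connection
    ]
    return [(stateless_accept(p), fw.accept(p)) for p in packets]


if __name__ == "__main__":
    print(demo())
```

The third packet is where the two differ: the stateless rule accepts it on its source port alone, while the stateful firewall discards it because no tracked connection matches.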