Transforming a stateful firewall ruleset into a stateless ruleset.

[diekmann]

While being harder to administrate than stateful firewalls, stateless firewalls may be faster. This is in particular important if someone is trying to DOS a firewall. Can we translate a stateful ruleset into a stateless ruleset on the fly to withstand the DOS attack? Does this really help?

Pull requests welcome :-)

Interested? I am happy to help. Send me an email: http://www.net.in.tum.de/de/mitarbeiter/diekmann/

This feature can also be implemented as part of a thesis or interdisciplinary project at Technische Universität München.