Stateful Rule Groups and Suricata Rules

Network Firewall organizes rules into rule groups, which are either stateless or stateful. Stateless groups apply fast, connectionless packet rules; stateful groups track connection state and run deeper, signature-based inspection. A firewall policy references both kinds.

Stateless rule groups evaluate each packet independently on basic attributes like source, destination, port, and protocol, then pass, drop, or forward to stateful inspection. They are fast and cheap, ideal for coarse filtering before the deeper stateful engine examines what remains.