Stateful packet filters are more secure because they allow only the packets in response to requests to pass through the firewall. For this reason, the procedures in this section describe how to configure stateful packet filters. However, static packet filters offer faster performance, so a list of equivalent static filters is provided, should you choose to configure them.
If you choose to configure static filters for the TCP protocol, you should enable ACK bit filtering so that all inbound packets that do not have the TCP ACK bit set are dropped by the server.