@shivank gupta and @superask
Yes TCP Syn and ACK flag bits are used in STATEFUL Firewall .
All packets with "SYN" in their header received by the firewall are interpreted to open new connections. Firewall drops all packets which are not associated with an existing connection recorded in its state table (or "SYN" packets) .And prevent unsolicited connections with the protected machine by black hat hacking.
If the service requested by the client is available on the server, it will respond with a "SYN-ACK" packet which the firewall will also track.
Once the firewall receives the client's "ACK" response, it transfers the connection to the "ESTABLISHED" state as the connection has been authenticated bidirectionally. This allows tracking of future packets through the established connection.
Stateful firewall utilizes traffic that is using the Transport Control Protocol (TCP). TCP is stateful to begin with. TCP keeps track of its connections through the use of source and destination address, port number and IP flags. A connection will begin with a three way handshake (SYN, SYN-ACK, ACK) and typically end with a two way exchange (FIN, ACK).
Once a connection is maintained as established communication is freely able to occur between hosts. With TCP, this state entry in the table is maintained as long as the connection remains established (no FIN, ACK exchange) or until a timeout occurs.
Reference:
- https://en.wikipedia.org/wiki/Stateful_firewall#Description
- https://www.pluralsight.com/blog/it-ops/stateful-firewall-fundamentals
This way all 3 options are correct and D is the answer.
