This chapter showed you the basics of using CBAC to implement stateful filtering and inspection of traffic. Cisco recommends CBAC over RACLs when implementing stateful filtering because of the ease of its configuration as well as its enhanced features, including application inspection. With application inspection, CBAC can monitor connections to limit the commands executed on them, to prevent certain kinds of DoS attacks, to detect embedded nontranslated addressing information and translate this information, as well as many other things.

Next up is Chapter 10, which shows you how to filter Java applets and web information using external content filter servers, CBAC, and the Cisco IOS Network-Based Application Recognition (NBAR) feature.