A stateful firewall has the capability to monitor the entire state of active connections, and thus can make decisions based on the context of the traffic (such as the state of the connection), rather than relying solely on predetermined rules. This allows it to permit or deny traffic based on the history of the connection, which is not something that stateless firewalls can do. Stateless firewalls can only permit or deny traffic based on static rules and do not have the ability to retain connection state information. Dynamic rule creation is not a feature directly associated with being stateful; while a stateful firewall could potentially create rules dynamically, it's the state tracking that defines it. Nor do performance considerations determine whether a firewall is stateful or stateless.