We did NAT see that coming: How malicious JavaScript can open holes in your firewall for miscreants to slip through


The most commonly used firewall configurations on many Linux-based firewalls have been optimized to the point where they aren't proper stateful firewalls anymore. The port filtering doesn't keep state at all: it only trusts the packets themselves to say whether or not they are established (RFC 3514 style) and relies on the NAT engine to keep track of the rest of the state information. On those routers, that means anything not using NAT isn't stateful at all, and anything that opens up external access on demand, like UPnP, effectively breaks the stateful nature of the firewall. The same is true for many business-grade firewalls. An easy way to verify this is to check how much memory is used per data stream; if it is too low, it can't be stateful.
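The difference between a rule that trusts a packet's own TCP flags and one that keeps a connection table is easiest to see on a toy filter. The example below is added here and is not code from the article; the `Pkt` class, the two filters and the three constructed packets (an outbound SYN, its SYN/ACK reply, and an unsolicited inbound ACK) are all assumptions for illustration.

```python
# Added example (not from the article): a toy packet filter contrasting a
# flag-trusting "established" rule with a connection-tracking rule.
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags as letters, e.g. "S", "SA", "A"
    inbound: bool   # True if arriving from the outside interface


def flag_only_filter(pkt: Pkt) -> bool:
    """Stateless rule: drop inbound packets that are bare SYNs, accept the rest.
    The packet is trusted to say whether it belongs to an existing flow."""
    if not pkt.inbound:
        return True
    return not ("S" in pkt.flags and "A" not in pkt.flags)


class ConntrackFilter:
    """Stateful rule: inbound packets are accepted only for flows the inside opened."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()  # (in_ip, in_port, out_ip, out_port)

    def allow(self, pkt: Pkt) -> bool:
        if not pkt.inbound:
            if "S" in pkt.flags:                     # new outbound connection: remember it
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


# Constructed sample traffic (addresses from documentation ranges).
PACKETS = [
    Pkt("10.0.0.5", 40000, "203.0.113.9", 443, "S", inbound=False),   # inside opens a flow
    Pkt("203.0.113.9", 443, "10.0.0.5", 40000, "SA", inbound=True),   # legitimate reply
    Pkt("198.51.100.7", 5555, "10.0.0.5", 22, "A", inbound=True),     # unsolicited, claims "established"
]


def flag_only_results() -> list[bool]:
    return [flag_only_filter(p) for p in PACKETS]           # [True, True, True]


def conntrack_results() -> list[bool]:
    ct = ConntrackFilter()
    return [ct.allow(p) for p in PACKETS]                   # [True, True, False]
```

The third packet is the case the paragraph is about: the flag-only rule lets it in because it looks established, while the tracking rule has no matching flow and drops it.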

