RE: I don't need no stinking firewall!

Actually, most firewalls don't check TCP sequence numbers. You are totally correct in that stateless packet filters with "established" are only looking for TCP bits, but the main difference that stateful firewalls add is watching the TCP state machine. Sequence number watching is a bonus, something you can enable on some firewalls, but most of the common ones don't do it by default.
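The three levels of inspection described in this message, as an added example that is not part of the original post: a stateless "established" check, a tracker for the TCP handshake state, and an optional sequence-window check, run over constructed packets. The names `Pkt`, `stateless_established`, `StatefulFirewall` and `demo`, the addresses, and the fixed 65535 window are assumptions of this simplified model, not any product's behavior.

```python
from collections import namedtuple

WINDOW = 65535  # assumed window for the optional sequence check
Pkt = namedtuple("Pkt", "src sport dst dport flags seq")  # constructed packet model

def stateless_established(p):
    """'established' packet filter: looks only at the ACK/RST bits."""
    return "A" in p.flags or "R" in p.flags

class StatefulFirewall:
    def __init__(self, check_seq=False):
        self.check_seq = check_seq
        self.conns = {}  # (inside, iport, outside, oport) -> [state, next seq expected]

    def outbound(self, p):
        if p.flags == "S":      # inside host opens a connection
            self.conns[(p.src, p.sport, p.dst, p.dport)] = ["SYN_SENT", None]
        return True             # model policy: outbound is always allowed

    def inbound(self, p):
        conn = self.conns.get((p.dst, p.dport, p.src, p.sport))
        if conn is None:
            return False        # no tracked connection for this 4-tuple
        if conn[0] == "SYN_SENT":
            if p.flags != "SA":
                return False    # only SYN+ACK answers a SYN
            # Simplified: treat the connection as established on SYN+ACK.
            conn[:] = ["ESTABLISHED", (p.seq + 1) % 2**32]
            return True
        if "S" in p.flags or not ("A" in p.flags or "R" in p.flags):
            return False        # flags do not fit an established connection
        if self.check_seq and (p.seq - conn[1]) % 2**32 >= WINDOW:
            return False        # sequence number outside the expected window
        return True

def demo():
    inside, outside = "10.0.0.5", "203.0.113.9"            # constructed addresses
    pkts = [Pkt(outside, 80, inside, 40000, "A", 1),        # ACK, no connection yet
            Pkt(outside, 80, inside, 40000, "SA", 5000),    # reply to the inside SYN
            Pkt(outside, 80, inside, 40000, "A", 900000)]   # right 4-tuple, seq far off
    out = {"stateless": [stateless_established(p) for p in pkts]}
    for name, fw in (("stateful", StatefulFirewall()),
                     ("stateful+seq", StatefulFirewall(check_seq=True))):
        first = fw.inbound(pkts[0])                         # arrives before any SYN
        fw.outbound(Pkt(inside, 40000, outside, 80, "S", 1000))
        out[name] = [first, fw.inbound(pkts[1]), fw.inbound(pkts[2])]
    return out
```

In this model the third packet passes the state-machine check and is dropped only when `check_seq` is enabled.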