Re: NetFilter connection tracking

If it is a client machine and has a default DROP policy on
incoming packets, then ALLOW packets associated with open
connections. You probably don't need any other special
rules. Just set up policies to allow OUTPUT packets on the
ports you want. Only associated packets will be accepted IN.
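
The setup described in the message above, as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset with default DROP policies, connection-tracked return traffic, and new outbound connections only to listed ports. The function name `gen_client_ruleset`, its `port/proto` argument format, and the loopback, FORWARD and INVALID rules are assumptions of this example.

```shell
# Added example: print a client ruleset in iptables-restore format.
# Nothing is applied here. Check it as root with "| iptables-restore --test",
# then load it with "| iptables-restore".
gen_client_ruleset() {
    # Validate every port/proto argument first, so a typo never
    # produces a partial ruleset on stdout.
    for spec in "$@"; do
        port=${spec%%/*}
        proto=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case $port in
            ''|0*|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
    done

    cat <<'EOF'
*filter
# Default policies: drop anything not explicitly allowed below.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Local loopback traffic (assumption: the client uses local services).
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Packets conntrack cannot match to any connection.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Inbound: only packets associated with connections this host opened.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Outbound: new connections only to the ports you want.
    for spec in "$@"; do
        port=${spec%%/*}; proto=${spec#*/}
        printf '%s\n' "-A OUTPUT -p $proto -m conntrack --ctstate NEW --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}
```

For a typical desktop, `gen_client_ruleset 53/udp 53/tcp 80/tcp 443/tcp` covers DNS and web traffic; there is no INPUT rule for any port, so unsolicited inbound packets fall through to the DROP policy.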

