If it is a client machine and has a default DROP policy on incoming packets, then ALLOW packets associated with open connections. You probably don't need any other special rules. Just set up policies to allow OUTPUT packets on the ports you want. Only associated packets will be accepted IN.