The following works for UDP too: -A INCOMING -m state --state RELATED,ESTABLISHED -j ACCEPT Leastways, I can do AFS through my firewall with it. David