Stateful firewalls keep track of connections and can use connection information when deciding whether to allow or deny traffic.

Allowing a request requires only one rule. For instance, when the local host sends a request to a remote host, the reply to the connection’s ephemeral port is automatically allowed inbound when the remote host responds, without having to allow the full range of ephemeral ports for all inbound requests. Similarly, when the local host receives a request on port 443, it can send the response back to the client’s ephemeral port without an explicit allow rule.
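
A simplified model of the connection tracking described above, as an added example that is not part of the original page. The class, the rule format, the addresses and the port numbers are constructed for illustration; real firewalls also track protocol state and expire idle entries.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the local host
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class StatefulFirewall:
    """Toy stateful filter: explicit rules admit new flows, the table admits replies."""

    def __init__(self, rules):
        self.rules = rules      # set of (direction, proto, destination port)
        self.conntrack = set()  # flows keyed by the initiator's 5-tuple

    def _rule_allows(self, p):
        return any(d == p.direction and pr == p.proto and port == p.dport
                   for d, pr, port in self.rules)

    def filter(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Traffic belonging to a tracked flow needs no rule of its own.
        if flow in self.conntrack or reverse in self.conntrack:
            return "ACCEPT (tracked)"
        if self._rule_allows(p):
            self.conntrack.add(flow)  # remember the flow so its replies match
            return "ACCEPT (rule)"
        return "DROP"

def demo():
    # Only two rules, and neither mentions an ephemeral port range.
    fw = StatefulFirewall({("out", "tcp", 443), ("in", "tcp", 443)})
    local, remote, other = "10.0.0.5", "203.0.113.10", "198.51.100.7"  # constructed
    return [
        fw.filter(Packet("out", local, 50412, remote, 443)),  # local request
        fw.filter(Packet("in", remote, 443, local, 50412)),   # its reply
        fw.filter(Packet("in", other, 443, local, 50412)),    # unsolicited, same port
        fw.filter(Packet("in", remote, 51000, local, 443)),   # request to local 443
        fw.filter(Packet("out", local, 443, remote, 51000)),  # response to the client
        fw.filter(Packet("out", local, 443, other, 51000)),   # unsolicited outbound
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third and sixth packets target the same ephemeral ports as accepted traffic but match no tracked flow, so they are dropped.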