Why does the firewall allow HTTP response packets to reach my host at port, say, 48406, though my host does not allow any inbound connections?

My host is firewalled by a rule that allows everything outbound and nothing inbound. If I make an HTTP request to some website, the website server will respond to some port on my host, for example, 48406.

Now, port 48406 is not allowed in the inbound rule, so why are the response packets allowed to pass through the firewall?


Because the firewall can identify it as part of an established and allowed connection (outbound port 80). This is a fundamental requirement for a firewall; otherwise you wouldn't be able to communicate at all, as source ports are usually random for this kind of connection.
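
An added example, not part of the original answer: a simplified Python model of the connection tracking described above, showing that an inbound packet is accepted only when it is the exact reverse of a flow the host opened. The class and function names, the addresses (documentation ranges) and the flag handling are assumptions for illustration; real firewalls also track TCP state and idle timeouts.

```python
from typing import NamedTuple

HOST, SERVER, OTHER = "192.0.2.10", "198.51.100.7", "203.0.113.9"  # constructed

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""  # simplified TCP flags, e.g. "SYN", "SYN,ACK", "RST"

class StatefulFirewall:
    """Policy from the question: allow everything outbound, nothing inbound."""

    def __init__(self, host_ip: str):
        self.host_ip = host_ip
        # Tracked flows: (local_ip, local_port, remote_ip, remote_port)
        self.conntrack = set()

    def filter(self, pkt: Packet) -> str:
        if pkt.src_ip == self.host_ip:
            # Outbound is allowed by policy; remember the flow so replies match.
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if "RST" in pkt.flags:
                self.conntrack.discard(key)
            else:
                self.conntrack.add(key)
            return "ACCEPT"
        # Inbound: accept only the exact reverse of a tracked flow.
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key not in self.conntrack:
            return "DROP"
        if "RST" in pkt.flags:
            self.conntrack.discard(key)  # connection torn down, forget it
        return "ACCEPT"

def demo() -> list:
    fw = StatefulFirewall(HOST)
    return [
        fw.filter(Packet(HOST, 48406, SERVER, 80, "SYN")),      # host opens flow
        fw.filter(Packet(SERVER, 80, HOST, 48406, "SYN,ACK")),  # matching reply
        fw.filter(Packet(OTHER, 80, HOST, 48406, "SYN")),       # wrong remote
        fw.filter(Packet(SERVER, 80, HOST, 22, "SYN")),         # wrong local port
        fw.filter(Packet(SERVER, 80, HOST, 48406, "RST")),      # reply, ends flow
        fw.filter(Packet(SERVER, 80, HOST, 48406, "ACK")),      # flow is gone
    ]

if __name__ == "__main__":
    print(demo())
```

Port 48406 is never opened in any inbound rule here; the reply passes only because the full address and port tuple matches the flow the host itself created.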