Think of it this way:
<YourIP + local port> is allowed to talk with <Remote IP + remote port> using a specified protocol, TCP or UDP.
You make the connection. Remote synchronizes with you and can talk back.
Your rules specify which remote ports you can connect to and which protocols. No other remote ports are permitted.
Your rules do not restrict local ports.
[comment: On Windows XP I restrict local ports to 1027-5000 as that's what Windows uses for applications].
So to get a URL translated to an IP, your computer + any local port is allowed to any IP + port 53, using the UDP protocol.
[comment: you could limit remote IPs to your DNS servers, not any old IP. Just as in the firewall you could specify the specific mail servers you use, so you'll block sending mail to wrong servers]
To get to bleepingcomputer.com, your IP + any local port is allowed to get bleeping IP from the DNS server's port 53.
Then from your IP + any local port you will connect, by TCP, to bleeping http port 80. Or any other website.
Windows (or Ubuntu, I'm sure) selects the local port and says to the browser: hey, talk to me through this little hole numbered 37166 and I'll talk to your little opening, one of 65 thousand, designated as port 80 (or 443 or 465...).
Edited by tos226, 11 April 2011 - 09:44 AM.
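The rule model described in the post above (rules constrain the remote IP, remote port and protocol; the local port is normally unconstrained, with an optional restriction to an ephemeral range such as 1027-5000), as an added example that is not part of the original post. It evaluates outbound connection tuples against a small allow-list and walks through the two-step DNS-then-HTTP flow. The resolver and mail-server addresses (192.0.2.53, 192.0.2.54, 198.51.100.25) are constructed documentation-range values, and the function and rule names are assumptions for illustration, not any firewall product's API.

```python
"""Outbound firewall rule evaluation (added example, not from the post).

Each outbound flow is what the post calls <local IP + local port> talking
to <remote IP + remote port> over TCP or UDP.  Rules constrain the remote
side and the protocol; the local port is left alone unless an explicit
local-port range is supplied (the poster's XP setting of 1027-5000).
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                                      # "tcp" or "udp"
    remote_nets: Tuple[ipaddress.IPv4Network, ...]  # where the remote IP may be
    remote_ports: FrozenSet[int]                    # which remote ports are allowed

    def matches(self, proto: str, remote_ip: str, remote_port: int) -> bool:
        ip = ipaddress.ip_address(remote_ip)
        return (proto == self.proto
                and remote_port in self.remote_ports
                and any(ip in net for net in self.remote_nets))


def nets(*cidrs: str) -> Tuple[ipaddress.IPv4Network, ...]:
    return tuple(ipaddress.ip_network(c) for c in cidrs)


# Constructed rule set.  Addresses are documentation ranges (assumed values):
# two DNS resolvers and one SMTP relay, as the post's comments suggest pinning.
RESOLVERS = ("192.0.2.53/32", "192.0.2.54/32")
MAIL_RELAY = ("198.51.100.25/32",)

RULES = (
    Rule("dns",  "udp", nets(*RESOLVERS),  frozenset({53})),           # only our resolvers
    Rule("web",  "tcp", (ANY_IPV4,),        frozenset({80, 443})),      # any website
    Rule("mail", "tcp", nets(*MAIL_RELAY),  frozenset({25, 465, 587})), # only our relay
)

# Optional restriction on the LOCAL side, like the poster's Windows XP range.
XP_EPHEMERAL = range(1027, 5001)


def outbound_allowed(proto: str, local_port: int, remote_ip: str, remote_port: int,
                     rules=RULES, local_ports: Optional[range] = None):
    """Decide one outbound connection attempt; returns (allowed, reason)."""
    if local_ports is not None and local_port not in local_ports:
        return False, f"local port {local_port} outside permitted range"
    for rule in rules:
        if rule.matches(proto, remote_ip, remote_port):
            return True, f"matched rule '{rule.name}'"
    return False, "no rule permits this protocol/remote port/remote address"


def fetch_site(resolver_ip: str, site_ip: str, dns_local_port: int,
               http_local_port: int, local_ports: Optional[range] = None):
    """The two-step flow in the post: UDP/53 lookup first, then TCP/80 to the
    site.  The HTTP step only happens if the lookup was allowed.  Returns a
    list of (step, allowed, reason) tuples."""
    steps = []
    ok, why = outbound_allowed("udp", dns_local_port, resolver_ip, 53,
                               local_ports=local_ports)
    steps.append(("dns", ok, why))
    if ok:
        ok, why = outbound_allowed("tcp", http_local_port, site_ip, 80,
                                   local_ports=local_ports)
        steps.append(("http", ok, why))
    return steps


if __name__ == "__main__":
    for step in fetch_site("192.0.2.53", "203.0.113.9", 37166, 37167):
        print(step)
    for step in fetch_site("203.0.113.53", "203.0.113.9", 37166, 37167):
        print(step)
```

The two runs at the bottom show the difference the resolver pinning makes: a lookup sent to an unlisted resolver is refused, and because the lookup never happened the HTTP step is never attempted. Passing `local_ports=XP_EPHEMERAL` adds the poster's local-side restriction on top, so the same rules reject a flow from local port 37166 but accept one from 3000.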