iptables(8) -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
administration tool for IPv4 packet filtering and NAT
-A, --append chain rule-specification
       Append one or more rules to the end of the selected chain. When the source and/or destination
       names resolve to more than one address, a rule will be added for each possible address
    This module, when combined with connection tracking, allows access to the connection tracking state for
    this packet.

    [!] --state state
           Where state is a comma-separated list of the connection states to match. Possible states are
           INVALID, meaning that the packet could not be identified for some reason, which includes running
           out of memory and ICMP errors which don't correspond to any known connection; ESTABLISHED, meaning
           that the packet is associated with a connection which has seen packets in both directions; NEW,
           meaning that the packet has started a new connection, or is otherwise associated with a connection
           which has not seen packets in both directions; and RELATED, meaning that the packet is starting a
           new connection, but is associated with an existing connection, such as an FTP data transfer, or an
           ICMP error. UNTRACKED means that the packet is not tracked at all, which happens if you use the
           NOTRACK target in the raw table.
-j, --jump target
       This specifies the target of the rule; i.e., what to do if the packet matches it. The target can
       be a user-defined chain (other than the one this rule is in), one of the special builtin targets
       which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this
       option is omitted in a rule (and -g is not used), then matching the rule will have no effect on
       the packet's fate, but the counters on the rule will be incremented.
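
The rule above accepts only ESTABLISHED and RELATED packets, so what happens to NEW and INVALID traffic depends on the rest of the INPUT chain, and a rule written without -j decides nothing. The following check over iptables-save text is an added example, not part of the iptables man page; audit_input, the finding labels and both sample rulesets are constructed for illustration, and it can be fed live data with `iptables-save | audit_input`.

```shell
# Added example, not from the iptables man page; sample rulesets are constructed.
# audit_input: read iptables-save text on stdin, print one finding per line,
# return 1 if anything was reported and 0 otherwise.
audit_input() {
    policy=unknown stateful=no catchall=no rc=0
    while IFS= read -r line; do
        case $line in
        ":INPUT "*)                        # chain header, e.g. ":INPUT DROP [0:0]"
            policy=${line#:INPUT }; policy=${policy%% *} ;;
        "-A INPUT -j DROP"|"-A INPUT -j REJECT"*)
            catchall=yes ;;                # unconditional verdict for the chain
        "-A INPUT "*)
            case " $line " in
            *" -j "*|*" -g "*) ;;
            *) echo "NOTARGET: $line"; rc=1 ;;  # only counts, decides nothing
            esac
            case $line in
            *"! --state "*|*"! --ctstate "*) ;; # negated matches are not analysed
            *"--state "*"-j ACCEPT"*|*"--ctstate "*"-j ACCEPT"*)
                states=${line##*state }; states=${states%% *}
                case ",$states," in *,INVALID,*)
                    echo "INVALID-ACCEPTED: $line"; rc=1 ;; esac
                case ",$states," in *,ESTABLISHED,*) stateful=yes ;; esac ;;
            esac ;;
        esac
    done
    [ "$stateful" = yes ] || { echo "NOSTATE: no rule accepts ESTABLISHED"; rc=1; }
    if [ "$policy" != DROP ] && [ "$catchall" = no ]; then
        echo "OPEN: unmatched packets (e.g. NEW) get INPUT policy $policy"; rc=1
    fi
    return $rc
}
sample_weak() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23
COMMIT
EOF
}
sample_ok() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}
sample_weak | audit_input || true   # prints the NOTARGET and OPEN findings
```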
source manpages: iptables