firewall and the feedback from a server

["cadu aranha" <oxyopes@googlemail.com>]

Hello people,
i want to understand how IP FILTER deals with the feedback
of a certain server, requested for a job.
For example, i connect thru SSH from A to B (port B:22).
> From B i send the X11 to A (port A:6010).
My IPFilter config at A hast no explicit rule allowing in B at port 6010,
but only allow out SSH to B. However i can get X11 from B thru
the procedure above.
However, i dont know which mechanism controls that, and how
standard is this opening of ports for the servers feedback.
Maybe in other applications it would not work.
Another example:
I am trying to allow my desktop to print to a network printer by the
following rules:

pass out quick on rl0 proto tcp from $MyIP to $printerIP port = 515
flags S keep state
pass in quick on rl0 proto tcp from $printerIP to $MyIP flags S keep state

How could i do that better?
When do i have to explicit a rule to open for the feedback conection
of a server?
A general explanation of how these feedback controls would be appreciated.
Thanks in advance.
[]s