Which of the following is one of the two simple DEFAULT SPI firewall rules for packets that attempt to open connections?

In a stateful (SPI) firewall, traffic is allowed or blocked based on the state of connections. For packets that try to open a connection, the typical default behavior is to permit inside-to-outside traffic. This lets hosts within the network initiate connections to external services, and the firewall tracks the session so the return traffic is allowed as part of that established connection. The complementary default rule blocks unsolicited traffic from outside to inside, preventing external hosts from opening new connections into the internal network. A blanket “deny all” would be too restrictive, and allowing external to internal would create unnecessary security risks. So permitting internal to external is the appropriate default.