Indeed, this rules makes the kernel accept all UDP datagrams arriving at port 1024 and higher. Ports starting from 1024 are where programs normally bind to. Only root is allowed to bind below 1024. Therefore, since nmblookup and the smb mount program did not bind at port 137, but at the first one available above 1023, the previous rule would reject the response from the Windows computers.