A rule with state=related, protocol=tcp might do the trick.
Essential to NOT include state=established.
afaik, "Related" is only used with protocols that open extra ports , like ftp , pptp , and SIP.
The protocol=tcp makes sure, this setting doesn't mess up SIP or PPTP, as those secondary protocols are GRE and UDP