How to avoid an allow rule for the ephemeral port range in nftables
1 vote, 1 answer, 1638 views
I am using Ubuntu 20.04 with the dnsjava client library to query DNS servers.
I have an nftables ruleset on this machine which blocks all traffic on all ports except the ephemeral port range 32768-61000, which dnsjava uses to receive results from the DNS server.
table inet tb {
    chain input {
        type filter hook input priority 0; policy drop;
        # the two rules in question: inbound traffic to any ephemeral port is accepted
        tcp dport 32768-61000 accept
        udp dport 32768-61000 accept
        ....
        ....
    }
    chain forward {
        ....
    }
    chain output {
        .....
    }
}
It looks like allowing the 32768-61000 range might be a security flaw. But completely blocking this port range adds latency to DNS resolution and causes many failures due to timeouts.
Is there a way to avoid this rule allowing a port range in nftables? Is there any nftables feature we can use to avoid this without impacting DNS resolution latency?
Asked by Oomph Fortuity
(143 rep)
Mar 25, 2022, 12:27 PM
Last activity: Mar 25, 2022, 06:35 PM
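The usual way to drop the inbound ephemeral-range accept without breaking DNS is connection tracking: the query leaves on an ephemeral source port, conntrack records the UDP (or TCP) flow, and the answer coming back to that port matches `ct state established`, so no port range has to be opened to unsolicited traffic at all. The ruleset below is an added example, not the asker's configuration or anything from the thread; the table name `tb`, the placeholder resolver addresses `192.0.2.53`/`192.0.2.54` and the commented-out SSH rule are assumptions for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: stateful replacement for "accept tcp/udp dport 32768-61000".
# Table/chain names, resolver addresses and the SSH rule are illustrative.
flush ruleset

table inet tb {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback is needed by almost everything (including a local stub resolver).
        iif lo accept

        # Replies to flows this host started. UDP has no handshake, but conntrack
        # still records the outgoing (saddr, sport, daddr, dport) tuple, so the
        # DNS answer arriving on dnsjava's ephemeral source port is "established".
        # DNS-over-TCP fallbacks after a truncated answer are covered the same way.
        ct state established,related accept

        # Packets conntrack cannot associate with a flow (bogus flags, out of window).
        ct state invalid drop

        # Diagnostics and IPv6 neighbour discovery; remove echo-request if unwanted.
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Only services this host really offers get an explicit inbound rule, e.g.:
        # tcp dport 22 accept

        # Deliberately absent: tcp/udp dport 32768-61000 accept.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;

        # Optional tightening if the output policy is later changed to drop:
        # the query itself must be allowed out, or no reply can ever be "established".
        # udp dport 53 ip daddr { 192.0.2.53, 192.0.2.54 } accept
        # tcp dport 53 ip daddr { 192.0.2.53, 192.0.2.54 } accept
    }
}
```

Load it with `nft -f` and confirm with `nft list ruleset`; a query via dnsjava (or `dig @resolver example.com`) should resolve with no timeout, while a probe such as `nc -uz <host> 40000` from another machine gets nothing back, because that packet has no matching conntrack entry and hits the drop policy. Two checks worth doing before rolling it out: make sure the `nf_conntrack` module is loaded (it is pulled in automatically once a `ct` rule is installed) and compare the range in the question against `/proc/sys/net/ipv4/ip_local_port_range`, which on a stock Linux kernel is 32768-60999; with the stateful rule in place the exact bounds of the range no longer matter to the firewall.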