What is a "state flood"? Why do you think a stateless firewall is superior, or even desirable?
a.) When allowing web traffic, is it necessary to allow port range 1000:65535?
Regardless of the inbound port or protocol, for most, you *must* accept return traffic, or the connection cannot be made.
b.) What is needed to safely have a default OUTPUT DROP,
Rule of Thumb: If you need help to make it work, you do not need OUTPUT filtering. Just say No to DROP. :)
Why do you want OUTPUT DROP? What are you defending against? Generally a stronger and more effective defense against hostile system users would be something like SELinux. Another good idea: don't give untrusted people shell access.
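The difference between a stateless port-range rule and connection tracking for return traffic, as an added example that is not part of the original post. It is a toy Python model rather than real firewall rules; the addresses, ports and function names are constructed for illustration, and only the 1000:65535 range comes from the question.

```python
# Added illustration (not from the thread): a toy packet filter comparing a
# stateless "return traffic" rule with connection tracking for outbound web traffic.
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str   # "out" or "in", relative to the protected host
    src: str
    sport: int
    dst: str
    dport: int

HOST = "192.0.2.10"              # constructed address (documentation range)
EPHEMERAL = range(1000, 65536)   # the 1000:65535 range from the question

def stateless_accept(p: Packet) -> bool:
    """Stateless rules: allow outbound to tcp/80, allow inbound from source
    port 80 to the high port range. No memory of what the host sent."""
    if p.direction == "out":
        return p.dport == 80
    return p.sport == 80 and p.dport in EPHEMERAL

class StatefulFilter:
    """Connection tracking: inbound is accepted only if it mirrors a flow
    the host opened (the idea behind an ESTABLISHED match)."""
    def __init__(self):
        self.flows = set()

    def accept(self, p: Packet) -> bool:
        if p.direction == "out":
            if p.dport != 80:
                return False
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.flows

def compare():
    """Return (stateless, stateful) verdicts for a reply and an unsolicited packet."""
    fw = StatefulFilter()
    request = Packet("out", HOST, 40000, "198.51.100.5", 80)
    reply = Packet("in", "198.51.100.5", 80, HOST, 40000)
    unsolicited = Packet("in", "203.0.113.9", 80, HOST, 5432)  # never requested
    assert stateless_accept(request) and fw.accept(request)
    return {
        "reply": (stateless_accept(reply), fw.accept(reply)),
        "unsolicited": (stateless_accept(unsolicited), fw.accept(unsolicited)),
    }

if __name__ == "__main__":
    print(compare())
```

Both filters pass the genuine reply; only the stateless rule also passes the inbound packet that matches no flow the host opened.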