Firewall Rule sets
A firewall rule set consists of a list of acceptance and denial rules, and a default policy that is applied if a packet doesn't match any rule.
The rule lists are called chains because a packet is matched against each rule in the list, one-by-one, until a match is found or the list is exhausted.
Think of rules as pairs, an input rule and an output rule.
The lists of rules defining what can come in and what can go out are called chains. The input and output chains are not necessarily 100% symmetric.