The pass and block rules for your firewall. The rules are processed from the top down to the first match. For example, if you want to block all smtp from everyone but the mail server, you have to allow the mail server first, then block everyone. The "match" allowing the mail server will mean the mail server never even gets to your block.
The LAN interface is the only one with a "Default Rule" any other interfaces, such as VPNs or Opt interfaces will have no rule by default. You must create one before any traffic is allowed out.