Rule 2. This is the actual lockdown rule. It denies any other connection attempts to the firewall. I select "drop" as the action, instead of "reject", since this will give out less information and make scanning take longer.
Rule 3. This is a standard "allow anything outbound" rule. Many organizations allow their internal users any service outbound. In this example, these sessions are not logged since they are "trusted" and would quickly fill up the logs. If this rule were placed before rule #2, then any internal user would have full access to the Firewall, because the destination Any in this rule includes the firewall itself.
Rule 4. This rule allows the Internet to connect to an internal mailserver. Many companies receive email in this manner.
Rule 5. The standard clean up rule. If the session was not accepted by an earlier rule, drop the packet and log the session.
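To make the ordering point concrete, here is an added example (not code from the original article or from any firewall product) that simulates first-match evaluation of the rulebase above and audits it for the rule 3 / rule 2 mistake. All addresses, networks and the admin rule 1 (which is outside this excerpt) are constructed assumptions.

```python
# Added example, not from the article: a first-match rulebase simulator showing why the
# lockdown rule must precede "allow anything outbound". Addresses and rule 1 are constructed.
from collections import namedtuple
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

FIREWALL = ip_address("192.0.2.1")      # the firewall's own interface
INTERNAL = ip_network("10.0.0.0/8")     # the "internal users" network
MAIL_SERVER = ip_address("10.1.1.25")   # internal mail server reached by rule 4
ADMIN = ip_address("10.0.0.5")          # assumed rule 1: the only host allowed to manage the firewall
INSIDE_HOST = ip_address("10.2.3.4")    # an ordinary internal user
OUTSIDE_HOST = ip_address("203.0.113.9")  # an Internet host

Rule = namedtuple("Rule", "name src dst service action log")  # src/dst: "Any", network or host

def field_matches(spec, value):
    """'Any' matches everything; a network matches by membership; a host exactly."""
    if spec == "Any":
        return True
    if isinstance(spec, IPv4Network):
        return isinstance(value, IPv4Address) and value in spec
    return spec == value

def evaluate(rules, src, dst, port):
    """First-match semantics: the first rule whose three fields all match decides."""
    for r in rules:
        if all(field_matches(s, v) for s, v in ((r.src, src), (r.dst, dst), (r.service, port))):
            return r.name, r.action, r.log
    return None  # only reachable if the clean-up rule is missing

RULEBASE = [
    Rule("1 admin", ADMIN, FIREWALL, "Any", "accept", True),
    Rule("2 lockdown", "Any", FIREWALL, "Any", "drop", True),
    Rule("3 outbound", INTERNAL, "Any", "Any", "accept", False),
    Rule("4 mail", "Any", MAIL_SERVER, 25, "accept", True),
    Rule("5 cleanup", "Any", "Any", "Any", "drop", True),
]
# The ordering mistake the text warns about: rule 3 placed ahead of rule 2.
MISORDERED = [RULEBASE[0], RULEBASE[2], RULEBASE[1], RULEBASE[3], RULEBASE[4]]

def exposed_before_lockdown(rules):
    """Audit: accept rules ahead of the lockdown rule whose destination covers the
    firewall from more than a single host. Non-empty means the lockdown is bypassable."""
    found = []
    for r in rules:
        if r.action == "drop" and r.src == "Any" and r.dst == FIREWALL:
            break  # the lockdown rule: nothing to the firewall gets past it
        if r.action == "accept" and field_matches(r.dst, FIREWALL) and not isinstance(r.src, IPv4Address):
            found.append(r.name)
    return found
```

With the rules in the order shown, an internal user's connection to the firewall hits rule 2 and is dropped and logged; with rules 2 and 3 swapped, the same connection is accepted by rule 3 without a log entry, which is exactly what the audit function flags.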