Ah...got it, this was sloppy phrasing on my part. I meant "first" in the sense of "first rule that one should write". Depending on the firewall type/implementation, that might be the rule that's lexically first or last (or maybe somewhere else).
---rsk
