Chains are traversed from the top down.

Every rule is checked in the order they appear in the chain.

If a rule matches the packet that's traversing the chain the action the matched rule specifies is performed.

It can be a DROP or ACCEPT action ore one of the many other actions availiable.

If a packet traverses a chain but no rule matches the packet the default policy is performed, this policy can be ACCEPT or DROP