The firewalling in Linux is highly flexible and can be very complicated. Linuxconf is proposing a simple logic that simplifies the composition of the firewalling rule. While this logic helps create and maintain a basic firewall, some configurations may not be created with linuxconf. Here is the logic:
When you activate one of the three firewalling systems (input, forward, output), Linuxconf will set the default policy to deny. All rules you enter are indeed holes or openings in the firewall. If you enter no rules, then your machine will be pretty isolated, answering to nothing.