SóProvas

-P, --policy chain target Set the policy for the chain to the given target. See the section TARGETS for the legal targets. Only built-in (non-user-defined) chains can have policies, and neither built-in nor user-defined chains can be policy targets.


Manpage: http://ipset.netfilter.org/iptables.man.html

Basicamente, na opção A a política padrão adotada será a de descartar(DROP) tudo que estiver relacionado as chains INPUT(entrada pro server), OUTPUT(saída do server) e FORWARD(encaminhamento através do server).