I found this post while doing some research: SOHO 3 IS NOT FULLY SECURE FROM YOUR ADSL ROUTER WITHOUT THIS CONFIG: KEEPING YOUR LAN SAFE FROM HACKERS (see answer at the bottom) :-)
I understand it as the SOHO in default allow mode blocks all inbound traffic, but if there is something on your network that needs inbound connections, it will allow it. Therefore changing the default to deny will block the device that needed the inbound connection?