That allows it essentially to create or to accept incoming connections from the outside world.

After a socket has been associated with an address, prepares it for incoming connections.

On the other hand, those are not incoming connections.

And their computers are being protected from incoming unsolicited connections.

You say, allow incoming connections only from this IP range into my local network.

The thing is, most incoming connections are handled by system level "daemons" rather than applications.

Flare system provides a network event loop that accept incoming connections.

The targeted web server will be plugged up by the incoming connections.

At that point your browser works, other stuff works, but all incoming connections are blocked.

The operator makes all the incoming, outgoing and internal connections.