It wouldn't be just any Rule because generally the Rules are outbound only. Inbound Rules are Reverse-NAT Rules (regardless of what weird name the manufacture may call them), so it would have to be a fouled up Reverse-NAT Rule which would be easy to spot since it probably would fail to perform its orginginally intended job.
Phillip, if you allow me to go a little bit off-topic: It depends on which NAT box you are sitting and what type of NAT is used. For example you may create a "typical" NAT rule on that box, nating from inside to outside, one IP address on the external interface. So you have no firewall rules yet, and no inbound NAT rule or how would you call that. That does not imply that I cannot talk from external directly with any of the hosts behind your NAT device, 'cause I might be able to do that just fine, using their original IP addresses. I've seen that on some Linux-based boxes. Just to let know, the vendor does not say anything about that behaviour (I won't give names, so don't ask), in the docs is just "normal" stuff... Even if you set some firewall rules on those boxes, I might be able to still "chat". It goes down to the definition of "expectation", how the admin would expect by default his box to behave... Sometimes it does not have nothing to do with incompetence, it's just human weakness. Best, J