In the documentation it says that the order of the rules is very important, but there is no detailed explanation of the "rule for rules". My general approach is to place the deny rules first, then the allow rules, then the publishing rules, followed by the default deny rule last. Are there any tips or tricks to follow in ordering the rules?
That is definitely one way to do it. However, the best way to implement firewall policy is to have no deny rules. Instead, you allow access only to required resources to the appropriate users. If there is no allow rule, then access is denied.
However, there are situations where you can see conflicts, such as when a user belongs to one group that has access and another group that is not allowed access. In cases such as these, it's good to put the deny above the allow; otherwise the allow will be processed first.
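
The group conflict described in the answer above, as an added example that is not part of the original posts: a simplified first-match evaluator with an implicit default deny, plus a check that flags deny rules sitting below an allow rule for the same resource. The rule names, groups and resources are constructed, and the top-to-bottom first-match model is an assumption about how the firewall processes its list.

```python
# Added illustration: first-match rule evaluation with an implicit default deny.
# Rule names, groups and resources are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "deny"
    group: str       # user group the rule applies to
    resource: str    # destination the rule covers

def evaluate(rules, user_groups, resource):
    """Return (action, rule_name) of the first matching rule, top to bottom."""
    for rule in rules:
        if rule.group in user_groups and rule.resource == resource:
            return rule.action, rule.name
    return "deny", "default deny"   # no rule matched, so access is denied

def shadowed_denies(rules):
    """List deny rules placed below an allow rule for the same resource
    but a different group: a user in both groups would hit the allow first."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "deny":
            continue
        for earlier in rules[:i]:
            if (earlier.action == "allow" and earlier.resource == rule.resource
                    and earlier.group != rule.group):
                findings.append((rule.name, earlier.name))
    return findings

ALLOW_STAFF = Rule("allow-staff-web", "allow", "Staff", "web")
DENY_CONTRACT = Rule("deny-contractors-web", "deny", "Contractors", "web")

ALLOW_FIRST = [ALLOW_STAFF, DENY_CONTRACT]   # deny is never reached for dual members
DENY_FIRST = [DENY_CONTRACT, ALLOW_STAFF]    # ordering recommended in the answer

if __name__ == "__main__":
    both = {"Staff", "Contractors"}          # user who belongs to both groups
    print(evaluate(ALLOW_FIRST, both, "web"))
    print(evaluate(DENY_FIRST, both, "web"))
    print(evaluate(DENY_FIRST, {"Staff"}, "mail"))   # no rule for "mail"
    print(shadowed_denies(ALLOW_FIRST))
```

Running `shadowed_denies` over an exported rule list is a quick way to find deny rules that a dual-group user would never reach.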