Before any NetworkPolicy selects a Pod, it accepts all ingress traffic (non-isolated). Once any policy with Ingress in policyTypes selects it, the Pod becomes isolated: only traffic explicitly allowed by rules in any selecting policy is permitted. Everything else is denied.
Official docs