What are these sshguard rules actually doing?

This is the standard way for sshguard to protect ssh connections including all else, but I think its only design work for black/white listing ...
block in quick on $ext_if from <sshguard> label "ssh bruteforce"

What is the difference in these two rules below? How do they work? I’m guessing that the one with inet is used to protect a server and the one without is more suited for a desktop or workstation. Both are doing logging, but one has also added a way to do blacklisting. If so, I wonder if they can be combine like explain below in the block drop method. My main concern is which is best, and why.
block in log quick on $ext_if from <sshguard> label "ssh bruteforce"
block drop in log quick on $ext_if inet from <sshguard> to any
What would happen if I add the "ssh bruteforce" part to the one with the inet type rule, or is it even possible? If this sequent does works, what would it be doing?
block drop in log quick on $ext_if inet from <sshguard> label "ssh bruteforce"
If it don’t work, how should it be written?
Both lines do exactly the same, drop is the default block action. The label is just that, a label. The inet keyword is implied, it's just a moniker to indicate IPv4, which is also the default if you don't supply it.