I've documented a "common use case" iptables traversal that makes it easy (well I think) to look at the different tables the packet will go through and where you should put your rule.
The best image showing the travel path is this one from here: https://www.frozentux.net/iptables-tutorial/chunkyhtml/c962.html
This is the one that makes it clear that you can't filter everything through the INPUT chain. All the traffic forwarded to a DNAT does not go through INPUT. BUT I still do find that the "Per use case" packet traversing is NOT obvious. Don't get me wrong, this graph is exact & complete, but your interpretation of where a connection starts and ends is left to you and you are likely to make the wrong assumptions (if you're not already familiar with the flow)