this chain is present on all IPFire machines and is designed to prevent traffic to remote IPsec networks whose IPsec tunnels have not been established yet (information leakage prevention). Most likely 172.16.117.0/24 is a remote network of an IPsec connection you configured.
REJECT is more suitable than DROP here, since the user gets an error message faster.
The source code of the initscript executing the corresponding iptables commands is available here.