014.01.60.3. Why is it crucial to allow only trusted packets and deny everything else when configuring firewall rules, and what potential security risks are associated with using a default policy of ACCEPT?
It is crucial to allow only trusted packets because if a bad packet enters the system, it can wreak havoc on the system and may damage the entire network. The potential security risk associated with a default policy of ACCEPT is that no matter how many DROP rules are added, they won't work, because the kernel reads the rules from top to bottom, and having ACCEPT on top will cause every packet to be accepted, so we won't be able to safeguard the network.